Critical BIOS vulnerability found in Lenovo PCs; may affect other manufacturers too
Security researcher Dymtro Oleksiuk has uncovered a critical flaw in the BIOS of Lenovo PCs that could let attackers circumvent Windows' basic security protocols. However, while the vulnerability was found on Lenovo PCs, other manufacturers using the same BIOS software could also be vulnerable.
Laptops like Lenovo's X1 Carbon may be affected by a critical BIOS vulnerability.
Security researcher Dymtro Oleksiuk has uncovered a flaw in the BIOS of Lenovo PCs that could let attackers circumvent Windows' basic security protocols. However, while the vulnerability was found on Lenovo PCs, Oleksiuk posted on his Github that the vulnerable firmware driver was copy and pasted from data supplied directly by Intel, which means other manufacturers using the same BIOS software could also be vulnerable. At this time, at least one 2010-era HP Pavilion laptop is known to contain the vulnerable code.
Oleksiuk says that an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.”
Lenovo has issued a public response, confirming the vulnerability and has said that it is working with its partners to develop a fix as soon as possible. A full list of the affected devices has not been issued at this time.
Worryingly, both Oleksiuk and Lenovo suggest that that the vulnerable code could actually be an intentional backdoor, with Lenovo stating that it does not know the "the original purpose of the vulnerable code."
Source: Lenovo & Dymtro Oleksiuk via Engadget
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.