Researchers at cyber security company ESET have found several vulnerabilities affecting Lenovo laptops that could lead to the execution of malware by bypassing UEFI Secure Boot.
More than 100 different Lenovo laptop models and hundreds of thousands of users are thought to be susceptible to the UEFI threats, ESET reported, and patches are not available for everyone who may be affected.
A number of the vulnerable laptops have reached end of life and are no longer supported with official updates. In these cases, ESET recommends that users deploy an anti-malware product that scans for UEFI threats and use a TPM-aware full-disk encryption product to make the disk inaccessible.
Of the three vulnerabilities in question, two, tracked as CVE-2021-3971 and CVE-2021-3972, affect UEFI firmware drivers that were mistakenly left in the final production devices and their BIOS images, after originally being intended for use only during the manufacturing process.
Both drivers “immediately” caught the attention of the ESET researchers because they were named SecureBackDoor and SecureBackDoorPeim.
Attackers could use these vulnerabilities to disable flash memory protections and UEFI Secure Boot in order to deploy UEFI malware on targeted devices, ESET said.
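One practical check a defender can run on a firmware dump is to look for the two leftover driver names the article mentions. The following is an added example written for this page, not ESET's or Lenovo's tooling; it assumes the module names appear in the image as plain ASCII or UTF-16LE strings (a real BIOS image may store modules in compressed firmware-volume sections, so extracting them first with a tool such as UEFITool is an assumption the reader must handle). The sample image below is constructed for the example.

```python
"""Scan a raw UEFI firmware image for the leftover driver names reported by ESET."""
from pathlib import Path

# Module names the article says ESET found in the production BIOS images.
LEFTOVER_DRIVER_NAMES = ("SecureBackDoor", "SecureBackDoorPeim")

# Encodings in which a UEFI module name may appear in a raw image (assumption:
# ASCII in PE/COFF or FFS metadata, UTF-16LE in UCS-2 user-interface sections).
ENCODINGS = ("ascii", "utf-16-le")


def scan_firmware_image(data: bytes, names=LEFTOVER_DRIVER_NAMES):
    """Return sorted (offset, encoding, name) tuples for every occurrence.

    When a shorter name is merely the prefix of a longer hit at the same offset
    (SecureBackDoor inside SecureBackDoorPeim), only the longer name is kept.
    """
    raw = []
    for name in names:
        for enc in ENCODINGS:
            needle = name.encode(enc)
            start = 0
            while True:
                i = data.find(needle, start)
                if i < 0:
                    break
                raw.append((i, enc, name))
                start = i + 1
    longest = {}
    for off, enc, name in raw:
        key = (off, enc)
        if key not in longest or len(name) > len(longest[key]):
            longest[key] = name
    return sorted((off, enc, name) for (off, enc), name in longest.items())


def scan_firmware_file(path: str):
    """Read a firmware dump from disk and scan it."""
    return scan_firmware_image(Path(path).read_bytes())


def verdict(hits) -> str:
    """Summarise the scan result for an operator."""
    if not hits:
        return "no leftover driver names found"
    names = sorted({name for _, _, name in hits})
    return "leftover driver names present: " + ", ".join(names)


# Constructed sample image: filler bytes, an unrelated module name, one name in
# UTF-16LE and one in ASCII. This is NOT a real Lenovo BIOS image.
SAMPLE_IMAGE = (
    b"\xff" * 64
    + b"FooDriver\x00"
    + "SecureBackDoorPeim".encode("utf-16-le")
    + b"\x00" * 32
    + b"SecureBackDoor\x00"
    + b"\xff" * 64
)

if __name__ == "__main__":
    found = scan_firmware_image(SAMPLE_IMAGE)
    for off, enc, name in found:
        print(f"0x{off:08x} {enc:10s} {name}")
    print(verdict(found))
```

A clean result from this scan does not prove the image is safe: the drivers could sit in a compressed section, and the third vulnerability (CVE-2021-3970) is in a different component that the name check does not cover. It is a quick triage step for deciding whether a dump warrants deeper inspection, not a replacement for applying Lenovo's patches.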
UEFI malware is not a new phenomenon, but there have been several high-profile exploits in recent years, such as LoJax in 2018, and ESPecter and MoonBounce in 2021. These types of attacks can be hard to trace because the malware is stored in flash memory, leaving a small footprint.
The exploits are also becoming more advanced, with ESPecter being only the second-ever real-world case of a UEFI bootkit persisting on the EFI System Partition. The first example of this is thought to be FinSpy, also discovered in 2021 by Kaspersky.
Lenovo has released a wide range of patches that can be downloaded from its website and advisory page. The advisory lists all affected devices and which security issues they are vulnerable to, although some devices are still awaiting patches for specific CVEs. In these cases, Lenovo has provided an estimated availability date.
The third and final vulnerability, tracked as CVE-2021-3970, is a vulnerability in the LenovoVariable SMI Handler – a component responsible for detecting and logging system errors – that could allow an attacker with local access and elevated privileges to execute arbitrary code.
This is quite horrifying, but also possibly not unique to Lenovo. I would really like to see someone mine an archive of firmware images and just look for how many GetVariable() calls there are to non-spec variables https://t.co/WrhKCaHMla
— Matthew Garrett (@mjg59) April 19, 2022
Cyber security experts have responded to the announcement by heeding the warnings of ESET and Lenovo, agreeing that the vulnerabilities could be potentially dangerous, though not in the average security team’s threat model.
“These Lenovo UEFI vulnerabilities are not in your typical threat model,” said security threat analyst Martijn Grooten. “But if privilege escalation from admin to even worse is in your threat model this is kind of bad.”