• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new uefi firmware flaws reported in several lenovo notebook models

New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models

You are here: Home / General Cyber Security News / New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models
November 10, 2022

Pc maker Lenovo has dealt with yet one more set of a few shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware impacting quite a few Yoga, IdeaPad, and ThinkBook gadgets.

“The vulnerabilities permit disabling UEFI Safe Boot or restoring manufacturing facility default Safe Boot databases (incl. dbx): all just from an OS,” Slovak cybersecurity firm ESET explained in a collection of tweets.

UEFI refers to program that acts as an interface involving the functioning program and the firmware embedded in the device’s hardware. For the reason that UEFI is dependable for launching the working procedure when a system is run on, it has created the technology an appealing possibility for danger actors on the lookout to drop malware which is difficult to detect and clear away.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Considered in that light, the flaws, tracked as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432, could be abused by an adversary to turn off Secure Boot, a security mechanism that is developed to avoid destructive programs from loading throughout the boot system.

Lenovo’s advisory describes the vulnerabilities as follows –

  • CVE-2022-3430: A likely vulnerability in the WMI Set up driver on some purchaser Lenovo Notebook units could allow an attacker with elevated privileges to modify Secure Boot setting by modifying an NVRAM variable.
  • CVE-2022-3431: A probable vulnerability in a driver made use of through the producing system on some consumer Lenovo Notebook devices that was mistakenly not deactivated could permit an attacker with elevated privileges to modify Secure Boot location by modifying an NVRAM variable.
  • CVE-2022-3432: A prospective vulnerability in a driver used during the production process on the IdeaPad Y700-14ISK that was mistakenly not deactivated may well allow for an attacker with elevated privileges to modify Protected Boot setting by modifying an NVRAM variable.

In other words, disabling the UEFI Protected Boot would make it feasible for risk actors to execute rogue boot loaders, granting the attackers privileges access to the compromised hosts.

CyberSecurity

ESET mentioned the vulnerabilities weren’t lapses in the source code per se, but relatively arrived into becoming because the “motorists were being meant to be applied only for the duration of the producing system but had been mistakenly included in the manufacturing.”

The newest update marks the 3rd time Lenovo has moved to patch flaws in its UEFI firmware, all of which have been found and reported by ESET researcher Martin Smolár.

When the to start with established of issues (CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972) could have permitted negative actors to deploy and execute firmware implants on the affected units, the 2nd batch (CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892) could be weaponized to realize arbitrary code execution and disable security functions.

Lenovo mentioned it does not intend to launch fixes for CVE-2022-3432 owing to the fact that the product in problem has achieved end-of-life (EoL). Customers of the other impacted units are advised to update their firmware to the newest variation.

Found this post intriguing? Observe THN on Fb, Twitter  and LinkedIn to go through additional exclusive content material we submit.


Some elements of this write-up are sourced from:
thehackernews.com

Previous Post: «Cyber Security News High-Risk Vulnerability Found in ABB’s Flow Computers
Next Post: Re-Focusing Cyber Insurance with Security Validation re focusing cyber insurance with security validation»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
  • Top 10 Best Practices for Effective Data Protection
  • Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
  • Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
  • [Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications
  • Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
  • Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
  • Pen Testing for Compliance Only? It’s Time to Change Your Approach
  • 5 BCDR Essentials for Effective Ransomware Defense
  • Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Copyright © TheCyberSecurity.News, All Rights Reserved.