News

Lenovo laptops open to attack — what to do right now

Three vulnerabilities in hundreds of Lenovo laptops could have exposed millions of users to potentially serious problems, security firm ESET announced today. These vulnerabilities allow hackers to distribute malware that will bypass a certain number.

Affected laptops include Lenovo Ideapads, Flex and Yoga laptops, and Lenovo Legion gaming laptops. The good news is that Lenovo has released firmware updates for the affected models. Here’s everything you need to know and how to fix your laptop.

Three vulnerabilities found

ESET researcher Martin Smolár discovered three vulnerabilities in Lenovo laptops and reported them to the company in October 2021.

The first two vulnerabilities (CVE-2021-3971 and CVE-2021-3972) allow an attacker with access to the laptop to install malicious code, called UEFI malware, which is activated during laptop startup and can bypass built-in security protections. .

According to ESET, these vulnerabilities were the result of Lenovo accidentally leaving UEFI firmware drivers where they were meant to be used only during the manufacturing process. These drivers remained in the BIOS images sent to consumers.

The third (CVE-2021-3970) was discovered during ESET’s investigation of the first two issues; This vulnerability allows someone with direct access to the laptop to distribute code into a machine’s SMRAM. This can be used to inject malware into a laptop’s SPI flash memory chip, allowing it to bypass security protocols.

How do you know if your Lenovo laptop is affected and what to do?

You can find a complete list of laptops affected by these vulnerabilities on Lenovo’s support page. They include the following models:

  • Ideapad 3 (14, 15 and 17 inch models)
  • flexible 3
  • L340 gaming laptop
  • legion 5
  • Legion 5 Professional
  • legion 7
  • Legion S7
  • Legion Y540
  • Y545 Legion
  • Legion Y7000
  • Lenovo S14G2
  • Ideapad S145
  • Ideapad S540
  • Ideapad Slim 7 Pro
  • Ideapad Slim 9
  • V14 (G1 and G2)
  • yoga 7
  • Yoga Slim 7 Pro
  • Yoga Slim 9

Lenovo provides links to support pages where you can download the latest firmware updates for these affected laptops. We install these updates as soon as possible to protect your system.


See more

Lenovo laptops open to attack — what to do right now

Three security flaws in hundreds of Lenovo laptops could have exposed millions of users to potentially serious issues, security firm ESET announced today. These vulnerabilities would have allowed hackers to implant malware that would bypass a number 
Affected laptops include Lenovo Ideapads, Flex and Yoga notebooks, and Lenovo Legion gaming laptops. The good news is Lenovo has issued firmware updates for the affected models. Here’s everything you need to know, and how to patch your laptop.
Three vulnerabilities found
ESET researcher Martin Smolár discovered three vulnerabilities in Lenovo laptops, and reported it to the company in October, 2021.
The first two vulnerabilities (CVE-2021-3971 and CVE-2021-3972) would have allowed an attacker with access to a laptop to install so-called UEFI malware — malicious code that activates during a notebook’s startup, and can bypass built-in security protections. 
These vulnerabilities were a result of Lenovo accidentally leaving in place UEFI firmware drivers, where were meant to only be used during the manufacturing process, according to ESET. These drivers were left in the BIOS images that shipped to consumers. 
The third (CVE-2021-3970) was uncovered during ESET’s investigation of the first two issues; this vulnerability would have allowed someone with direct access to a laptop to implant code in a machine’s SMRAM. This could then be used to insert malware into a notebook’s SPI flash memory chip, which also lets it bypass security protocols.
How to tell if your Lenovo laptop is affected and what to do
On Lenovo’s support page, you can find a complete list of the laptops affected by these security vulnerabilities. They include the following models:
Ideapad 3 (14-, 15- and 17-inch models)
Flex 3
L340 gaming laptop
Legion 5
Legion 5 Pro
Legion 7
Legion S7
Legion Y540
Legion Y545
Legion Y7000
Lenovo S14 G2
Ideapad S145
Ideapad S540
Ideapad Slim 7 Pro
Ideapad Slim 9
V14 (G1 and G2)
Yoga 7
Yoga Slim 7 Pro
Yoga Slim 9
Lenovo provides links to the support pages for these affected laptops, where you can download the latest firmware updates. We install these updates ASAP so your system is protected. 

#Lenovo #laptops #open #attack


Trả lời

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *

Back to top button