Lenovo Windows 11 and 10 laptops have Secure Boot vulnerability, BIOS update out

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,256
Content source
https://www.neowin.net/news/eset-found-lenovo-windows-11-and-10-laptops-have-secure-boot-vulnerability-bios-update-out/
Earlier this year in April, a security researcher at ESET Martin Smolár, found that several Lenovo notebook models had a vulnerable UEFI. Similar to that, another new set of three vulnerabilities have been discovered again by Smolár in a bunch of Lenovo Windows 11 and Windows 10 notebooks. This time the vulnerabilities, which exist in the Driver Execution Environment (DXE) driver, allow threat actors to disable Secure Boot by modifying NVRAM variables.

You can find the full list of affected models as well as the firmware which patch the vulnerabilities on Lenovo's official website here.
Click to expand...
www.neowin.net

ESET found Lenovo Windows 11 and 10 laptops have Secure Boot vulnerability, BIOS update out

ESET has discovered another set of security vulnerabilities on Windows 11 and 10 Lenovo laptops. These allow attackers to disable Secure Boot. A list of vulnerable device models has been published.
www.neowin.net www.neowin.net

Lenovo Notebook BIOS Vulnerabilities - Lenovo Support US

support.lenovo.com support.lenovo.com
 
  • Like
  • +Reputation
  • Applause
Reactions: vtqhtr413, brambedkar59, Pixel_ and 5 others
Stopspying

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
Gandalf_The_Grey said:
www.neowin.net

ESET found Lenovo Windows 11 and 10 laptops have Secure Boot vulnerability, BIOS update out

ESET has discovered another set of security vulnerabilities on Windows 11 and 10 Lenovo laptops. These allow attackers to disable Secure Boot. A list of vulnerable device models has been published.
www.neowin.net www.neowin.net

Lenovo Notebook BIOS Vulnerabilities - Lenovo Support US

support.lenovo.com support.lenovo.com
Click to expand...
"..Lenovo has issued ffirmware updates for two of the latest vulnerabilities - which have been given the names CVE-2022-3430 and CVE-2022-3431. However, the third vulnerability - CVE-2022-3432 - has been left unpatched as it only affects the Lenovo Ideapad Y700-14ISK.
Lenovo says that as that particular laptop is no longer supported by the company, it will not be receiving a fix. Owners of Lenovo laptops can check if their particular models are impacted by the vulnerabilities by consulting the list the company shares in its security advisory..."

www.tripwire.com

Laptop flaws could help malware survive a hard disk wipe

PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers.
www.tripwire.com www.tripwire.com
 
  • Like
Reactions: oldschool and Gandalf_The_Grey
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
ThinkPad X13s: BIOS Update fixes vulnerabilities
Replies
0
Views
644
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
    • +Reputation
    • Sad
  • Locked
BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11
Replies
20
Views
3,051
News Archive
simmerskool
simmerskool
Gandalf_The_Grey
    • Like
    • +Reputation
Acer fixes UEFI bugs that can be used to disable Secure Boot
Replies
0
Views
651
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top