- LENOVO DRIVER UPDATE WINDOWS 10 INSTALL
- LENOVO DRIVER UPDATE WINDOWS 10 SERIAL
- LENOVO DRIVER UPDATE WINDOWS 10 DRIVERS
- LENOVO DRIVER UPDATE WINDOWS 10 VERIFICATION
- LENOVO DRIVER UPDATE WINDOWS 10 CODE
Several Lenovo devices won't receive firmware updates.
LENOVO DRIVER UPDATE WINDOWS 10 INSTALL
Customers may want to check the support page again on the date to download and install the update on their devices. These remain vulnerable until at least that date. Some devices will receive the firmware update on May 10, 2022. Customers are encouraged to update the device firmware immediately to protect the device against attacks targeting the vulnerabilities. Lenovo published a security advisory, that describes the three vulnerabilities and the affected devices, and firmware updates for most affected devices.
LENOVO DRIVER UPDATE WINDOWS 10 CODE
The vulnerability allows arbitrary read and write operations from and into SMRAM this may lead to the "execution of malicious code with SMM privileges" and potentially to the "deployment of an SPI flash implant". The third vulnerability, CVE-2021-3970, was discovered by ESET during the company's investigation of the two other vulnerabilities. A Windows administrator account with the SE_SYSTEM_ENVIRONMENT_NAME privilege is required to carry out the attack during runtime of the operating system. Resetting the UEFI firmware to factory defaults may have severe consequences as well, especially if it would lead to the loading of components with known security vulnerabilities.Īn attacker needs to set a UEFI variable on unpatched Lenovo devices to exploit the vulnerability.
LENOVO DRIVER UPDATE WINDOWS 10 VERIFICATION
The disabling of Secure Boot, and thus the disabling of its component verification process, allows any component, including those that are untrusted or malicious, to be loaded during boot.
LENOVO DRIVER UPDATE WINDOWS 10 DRIVERS
Usually, third-party UEFI drivers, applications and OPROMS are being verified, while the drivers on the SPI flash "are implicitly considered trusted". Secure boot uses databases to determine the trusted components. Its main purpose is to verify boot component integrity to ensure that components are allowed to be executed. Secure Boot is part of the UEFI specification. Attackers may exploit the security issue for various tasks, including the disabling of Secure Boot on the device. Among them are the UEFI Secure Boot state or the ability to restore factory settings. The vulnerability CVE-2021-3972 gives attackers control over several UEFI firmware settings. SMM, System Management Mode, is used for various tasks, including the secure updating of a device's firmware or the execution of proprietary code by OEMs.ĮSET notes that any Windows administrator, with the SE_SYSTEM_ENVIRONMENT_NAME privilege, may exploit the vulnerability using the "Windows API function SetFirmwareEnvironmentVariable". The attacked system allows SPI flash to be modified, even when executed from non-SMM code, resulting in attackers being able to write malicious code directly to the firmware storage. With the variable set, the platform's firmware will skip the execution of code that is "responsible for the setting up BIOS Control Register and Protected Range register-based SPI flash protections". Successful exploitation disables SPI flash write protections. The primary line of defense is "provided by the special memory-mapped configuration registers exposed by the chipset itself – the BIOS Control Register and five Protected Range registers".ĬVE-2021-3971 may be exploited by creating the NVRAM variable. Manufacturers created several security mechanisms to protect the SPI flash against unauthorized modifications. Malwares such as LOJAX, the first UEFI rootkit found in the wild, MosaicRegressor, or MoonBounce, targeted the memory in attacks.
Since it is non-volatile, it is a high-level target for threat actors. An administrator could erase a device's hard drive, install another operating system, and the memory would not be changed by the procure. The memory is independent of the operating system, which means that it remains even if the operating system is reinstalled or another system is installed.
LENOVO DRIVER UPDATE WINDOWS 10 SERIAL
It is connected to the processor via the Serial Peripheral Interface (SPI). UEFI firmware is usually stored on the in an embedded flash memory chip on the computer's motherboard. The vulnerability CVE-2021-3971 can be exploited to disable SPI protections on Lenovo devices. Lenovo published the security advisory on April 18 and ESET its findings and details a day later. Lenovo confirmed the vulnerabilities in November 2021 and requested a postponing of the public disclosure date to April 2022. Security company ESET reported the vulnerabilities to Lenovo in October 2021.
0 kommentar(er)
