Lenovo releases security fixes for device bugs


Lenovo has released security fixes for bugs in its devices, including ThinkPad, Notebook, and desktop computers, among others.


The company urged users to update to the latest security patch to keep their systems safe.


The security update addressed multi-vendor BIOS security vulnerabilities that could lead to information disclosure, elevation of privilege, and denial of service on affected systems.

Earlier on Monday, India’s Computer Emergency Response Team (CERT-In) released notes on bugs found in Lenovo products, urging users to apply appropriate security updates.

Security bugs with industry-wide impact have been found in the BIOS, which is used to boot a computer after it is powered on. These bugs have been categorized as high severity by Lenovo and CERT-In.

However, the bugs did not affect all Lenovo products, the company said in its security blog.

Information disclosure bug

An information disclosure bug has been found in the TianoCore EDK II BIOS. Similar bugs have also been found in System Management Interrupt (SMI), the BIOS Password SMI Handler, the Smart USB Protection SMI Handler, and the SMI handler used to configure platform settings over Windows Management Instrumentation (WMI), according to CERT-In.

Local authenticated attackers could exploit these bugs by sending specially crafted requests that compromise the security of affected systems.

A local authenticated attacker includes all users with the system username and password as well as people using password-protected accounts like guest accounts.

The bug would allow these users to increase their reach within systems and execute arbitrary code, bypassing security restrictions and gaining access to sensitive information on affected systems.

Buffer overflow vulnerability

Another bug, a buffer overflow, has also been detected.

The bug was found to exist due to a buffer overflow fault in the WMI SMI Handler, which was used to configure platform settings in some Lenovo models.

It could be exploited by authenticated local attackers who send specially crafted requests to overrun a program’s buffer, overwriting adjacent memory locations.

It could also be used by attackers to execute arbitrary code on affected systems.
