Millions of Lenovo Laptops Have Firmware-Level Vulnerabilities
More than 100 different Lenovo computer and laptop models, used by millions of people around the world, contain firmware-level vulnerabilities that give attackers a way to implant malware that persists on the system even after the hard drive is replaced or the operating system is reinstalled.
Two of the vulnerabilities (CVE-2021-3971 and CVE-2021-3972) involve Unified Extensible Firmware Interface (UEFI) drivers that were intended for use only during the manufacturing process but accidentally ended up in the BIOS image shipped with the computers. The third (CVE-2021-3970) is a memory corruption bug in a component that detects and logs system errors.
ESET discovered the vulnerabilities and reported them to Lenovo in October 2021. The hardware maker this week released a BIOS update that addresses the flaws in all affected models. However, users will have to install the update manually unless they use Lenovo's automated update tools.
UEFI firmware underpins system security and integrity when the computer boots. The firmware contains code and data that the computer implicitly trusts and uses during boot, so any malicious code embedded in the firmware executes before the operating system starts and before security tools have a chance to check the system for threats.
In recent years, several malware families have emerged that alter the UEFI firmware so that malicious code is installed during boot without being detected. One example is LoJax, a highly persistent firmware-level rootkit observed by ESET and others, which was used as part of a wider campaign by the Russian Sednit group. Another is MoonBounce, firmware-level malware recently observed by Kaspersky researchers as part of a cyber espionage campaign.
Martin Smolár, malware analyst at ESET, said that two Lenovo drivers mistakenly inserted into the production BIOS without being properly disabled gave hackers a way to deploy similar malware on vulnerable Lenovo consumer devices.
"Exploitation of these vulnerabilities would allow hackers to directly disable critical system security protections," Smolár said. Attackers with privileged access on a vulnerable system can reactivate the leftover firmware drivers and use them to turn off protections such as the BIOS control register bits, the protected range registers, and UEFI Secure Boot, which are meant to stop even privileged users from modifying system firmware. As a result, exploiting these vulnerabilities would let an attacker flash or modify the firmware and execute malicious code, ESET said.
Meanwhile, CVE-2021-3970, the third vulnerability discovered by ESET researchers, allows arbitrary reads from and writes to System Management RAM (SMRAM), the memory that holds code running with System Management Mode privileges. This gives attackers the opportunity to execute code with those privileges on vulnerable systems, ESET said.
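The protections named above (BIOS control register bits and protected range registers) are what a defender checks to confirm the SPI flash is still write-locked. The following added example, which is not from the ESET report or the Lenovo advisory, decodes constructed register values using the assumed Intel PCH field layout (BIOS_CNTL: bit 0 BIOSWE, bit 1 BLE, bit 5 SMM_BWP; PRx: bits 0-14 base, bits 16-30 limit, bit 31 WPE) and reports which protections are missing; the BIOS region boundaries are constructed sample values.

```python
"""Decode SPI flash write-protection state from constructed register values.

Added example, not project code. Register layouts below are the assumed
Intel PCH documented fields; all values are constructed, not read from hardware.
"""
from dataclasses import dataclass

BIOSWE = 1 << 0    # BIOS Write Enable: flash writable from the OS when set
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE triggers an SMI when set
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes only allowed from SMM when set


@dataclass(frozen=True)
class ProtectedRange:
    index: int
    base: int
    limit: int
    write_protected: bool


def decode_protected_range(index: int, value: int) -> ProtectedRange:
    """Decode a 32-bit PRx register into a flash range (4 KiB granularity)."""
    base = (value & 0x7FFF) << 12
    limit = (((value >> 16) & 0x7FFF) << 12) | 0xFFF
    return ProtectedRange(index, base, limit, bool(value & (1 << 31)))


def bios_write_protection_findings(
    bios_cntl: int,
    pr_regs: list[int],
    bios_region: tuple[int, int] = (0x400000, 0xFFFFFF),  # constructed sample
) -> list[str]:
    """Return weaknesses found; an empty list means the checked locks are in place."""
    findings = []
    if bios_cntl & BIOSWE:
        findings.append("BIOSWE set: BIOS region writable from the OS")
    if not bios_cntl & BLE:
        findings.append("BLE clear: BIOSWE can be re-enabled without an SMI")
    if not bios_cntl & SMM_BWP:
        findings.append("SMM_BWP clear: flash writes not restricted to SMM")
    ranges = [decode_protected_range(i, v) for i, v in enumerate(pr_regs)]
    covered = any(r.write_protected and r.base <= bios_region[0]
                  and r.limit >= bios_region[1] for r in ranges)
    if not covered:
        findings.append("no PRx register write-protects the whole BIOS region")
    return findings


if __name__ == "__main__":
    # Constructed: locked system (BLE|SMM_BWP, PR0 covers 0x400000-0xFFFFFF)
    print(bios_write_protection_findings(0x22, [0x8FFF0400, 0, 0, 0, 0]))
    # Constructed: system after the protections were switched off
    print(bios_write_protection_findings(0x01, [0, 0, 0, 0, 0]))
```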
In an emailed statement, Lenovo thanked ESET for alerting the company to the vulnerabilities in its products. The statement read roughly as follows: "The driver has been fixed, and customers who update as described by Lenovo's advisory will have their devices protected. Lenovo welcomes collaboration with BIOS researchers as we seek to increase investment in BIOS security to ensure our products continue to meet or exceed industry standards."
The company's advisory rates the flaws as medium severity and describes them as allowing privilege escalation for attackers who exploit them. The company said CVE-2021-3970 resulted from insufficient validation in some Lenovo models, and attributed the other two vulnerabilities to its failure to disable and remove drivers used in older manufacturing processes.
The advisory also includes instructions on where users with affected devices can find the appropriate BIOS updates and how they should install them.