ESET cybersecurity experts published last Wednesday (9) a report that deals with a New Security Flaw Discovered in Lenovo Laptop Firmware🇧🇷 The breach affects models from the manufacturer’s most popular lines, including ThinkPad, Yoga Slim and IdeaPad.
As explained by the researchers, the vulnerability of the affected models allows hackers to disable UEFI Secure Boot or manipulate prohibited signature database (DBX) settings, allowing arbitrary malicious code to run even before accessing the operating system.
Cataloged under the codes CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432, security flaws are considered dangerous due to the difficulty in detecting an attack that exploits such holes in the UEFI. A similar problem with the same notebook lines mentioned was disclosed by the brand in July of this year.
ESET claims that the vulnerabilities were not problems in the source code per se, but occurred because “certain drivers were only supposed to be used during the manufacturing process, but were erroneously included in production” of the notebooks.
The biggest risk users face in having UEFI — that is, the tool that boots the operating system of most modern computers — compromised is the possibility that hackers will run Malicious startup tools that grant privileged access to data stored on the notebook or local network🇧🇷
A vulnerability in drivers used during the manufacturing process of some Lenovo devices that were not properly disabled could allow a high-level attacker to modify the Secure Boot setting by changing an NVRAM variable.
Fault Description “CVE-2022-3431”
This type of attack is difficult to resolve, as it can “survive” operating system reinstallations. In addition, UEFI is stored on a flash memory chip soldered to the motherboard, making it difficult to identify and remove.
Lenovo fixed the security holes through patches for CVE-2022-3430 and CVE-2022-3431. CVE-2022-3432 did not receive a fix as it only affects the Ideapad Y700-14ISK, a model that is no longer officially supported by the brand.
It is recommended that users of affected devices update the BIOS of their notebooks via Lenovo’s official website. The support page includes, in addition to a list of models at risk, links to files and instructions needed to correct the problem.
- Lenovo Support — access
