Lenovo has provided BIOS updates for virtually its entire line of PC models. Among other things, malicious code gaps are closed.
If you own a Lenovo computer, you should ensure that the BIOS firmware is up to date. Attackers could target multiple vulnerabilities and compromise PCs. The manufacturer classifies the overall severity of the vulnerabilities as “high” a.
Extensive access possible
In total, the developers have closed five security gaps. According to a warning message, attackers need local access with extended rights in order to be able to successfully target the vulnerabilities. If so, they could leak information or even execute malicious code. How attacks could proceed is not clear from the article. Not all vulnerabilities affect all computer models.
If attackers successfully target a vulnerability, they could access the system management mode memory (SMM), among other things. This controls system-wide parameters such as hardware control and energy management. Access to the operating system would be conceivable via this.
Patch now!
To prevent attacks, the PC manufacturer has released secure firmware versions. These are available for countless models, including the desktop, smart office and ThinkPad series. Lenovo lists the affected models and current firmwares in an article.
