Lenovo PCs have another critical vulnerability potentially exposing users to all manner of nastiness, and this flaw apparently isn’t limited to Lenovo machines, either.
Security researcher Dmytro “Cr4sh” Oleksiuk first found the UEFI bug, which can be leveraged to disable firmware write protection, on a Lenovo machine (the zero-day exploit has been dubbed ‘ThinkPwn’).
Oleksiuk initially said it was present on all ThinkPad laptops he tested, observing: “Running of arbitrary System Management Mode code allows attacker to disable flash write protection and infect platform firmware, disable Secure Boot, bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise and do other evil things.”
However, it later emerged that this flaw actually originates from reference code supplied by Intel, and so the researcher noted there was a “high possibility” that said vulnerable code may also be present in the firmware of other PC vendors.
Indeed, another source claimed the exploit affected his HP Pavilion laptop, and the vulnerable code was found in a number of motherboards from Gigabyte.
As Engadget reports, Lenovo is now apparently investigating the issue and cooking up a fix, with the manufacturer posting an advisory which called the BIOS vulnerability an “industry-wide” issue – so we could still see further fallout from this.
Lenovo stated: “Lenovo is committed to the security of its products and is working with its IBVs and Intel to develop a fix that eliminates this vulnerability as rapidly as possible.”
The company further observed: “The package of code with the SMM vulnerability was developed on top of a common code base provided to the IBV by Intel. Importantly, because Lenovo did not develop the vulnerable SMM code and is still in the process of determining the identity of the original author, it does not know its originally intended purpose.”
The latter part of this statement has led to some speculation that rather than some sort of accidental vulnerability, this hole was actually left on purpose as some manner of backdoor.
Maybe we’ll hear more on that as the investigation proceeds, but we wouldn’t hold our breath.