The security researcher Dymtro Oleksiuk claims to have discovered a flaw in the machines from Lenovo that is affecting UEFI drivers used by Lenovo and HP Laptops.
Zero Day BIOS Bug found on Lenovo: Other PC Makers Also Affected
A new security flaw is appeared to be affecting laptops and computers of Lenovo. The security flaw is affecting the BIOS of multiple Lenovo computers and laptops and they are going un-noticed until the security researcher Dymtro Oleksiuk discovered it.
Dymtro Oleksiuk found the software vulnerability affecting the UEFI drivers used by Lenovo and HP Laptops and also affecting in the firmware that runs on Gigabyte motherboards. Dymtro Oleksiuk had discovered that the flaw simply allows hackers to overcome the basic security protocols of Windows. According to the researcher, this flaw can also enable arbitrary code execution.
According to Dymtro Oleksiuk, By running arbitrary code in the system management mode, a hacker can effortlessly disable flash write protection and bypass the secure boot-up feature of Windows 10’s Enterprise edition, among other actions. Moreover, this vulnerability is affecting almost all ThinkPad series of Laptops.
Sources also mentioned that the driver that Lenovo uses is a direct copy of that Intel uses and that other manufacturers may also be using. Lenovo confirmed that by saying “The package of code with the SMM vulnerability was developed on top of a common code base provided to the IBV by Intel”
Lenovo also said “Importantly, because Lenovo did not develop the vulnerable SMM code and is still in the process of determining the identity of the original author, it does not know its originally intended purpose”
Lenovo is also making every effort to be able to detect the source of the problem in which the company said “Lenovo is committed to the security of its products and is working with its IBVs and Intel to develop a fix that eliminates this vulnerability as rapidly as possible”