Zero Day UEFI Exploit Affecting Lenovo, HP, and Gigabyte Laptops

By

There is no fix for the vulnerability yet.

A security researcher named Dmytro Oleksiuk has discovered a zero-day exploit for the low-level firmware found in some Lenovo laptops. Oleksiuk wrote on GitHub, “Vulnerability is present in all of the ThinkPad series laptops, the oldest one that I have checked is X220 and the newest one is T450s (with latest firmware versions available at this moment).”

According to Oleksiuk, “Running of arbitrary System Management Mode code allows the attacker to disable flash write protection and infect platform firmware, disable Secure Boot, bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise and do other evil things.”

Lenovo said in its security advisory that their Product Security Incident Response Team (PSIRT) is fully aware of a BIOS vulnerability located in the System Management Mode (SMM) code that impacts certain Lenovo PC devices.

The SMM code running on certain Lenovo laptops was provided by Independent BIOS Vendors (IBVs). Additionally, other laptop makers may also have used the same SMM in their devices. Some researchers have already found the vulnerabilities in HP and Gigabyte Technology laptops.

07/06/2016
comments powered by Disqus