Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lenovo PCs flagged for onboard security flaws again


  • Please log in to reply
No replies to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 23,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 AM

Posted 05 July 2016 - 09:17 AM

LENOVO HAS issued an official response to a security researcher's claim that the company is shipping more bad software with its hardware.

Lenovo has accepted the problem and shunted it onto another party. But we are getting ahead of ourselves here.

The problem, according to a security researcher called Dymtro Oleksiuk, is that Lenovo is shipping a flaw that undermines Windows security protocols.

 

Oleksiuk has posted details of the Lenovo ThinkPad System Management Mode flaw on GitHub, and has published a blog about his work.

"The new 0day vulnerability in Lenovo firmware allows arbitrary SMM code execution on a wide range of Lenovo models and firmware versions including the most recent ones," he said.

"Exploitation of the vulnerability may lead to the flash write protection bypass, disabling of UEFI Secure Boot, Virtual Secure Mode and Credential Guard bypass in Windows 10 Enterprise and other evil things."

Article

 

More info here


Edited by JohnC_21, 05 July 2016 - 09:20 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users