Lenovo driver goof poses a security risk for users of 25 laptop models.

More than 24 Lenovo laptop models are vulnerable to a malicious hack that disables the UEFI Secure Boot process and then runs unsigned UEFI apps or loads a bootloader that permanently backdoors the device, researchers warned Wednesday.

At the same time that researchers from security firm ESET disclosed the vulnerabilities, the laptop maker released security updates for 25 models, including ThinkPad, Yoga Slim and IdeaPad laptops. Vulnerabilities that weaken UEFI Secure Boot can be severe because an attacker could install malicious firmware that survives multiple operating system reinstallations. It’s not common and it’s rare.

UEFI, short for Unified Extensible Firmware Interface, is software that connects device firmware on a computer with the operating system. It is the first piece of code that runs when almost all modern systems are turned on, and it is the first link in the security chain. Because UEFI resides on a flash chip on the motherboard, infections are difficult to detect and remove. Common measures such as wiping the hard drive and reinstalling the OS have no meaningful impact, because the UEFI infection simply re-infects the computer afterward.

The vulnerabilities, tracked as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432, make it possible, ESET said, to “disable UEFI Secure Boot or restore the factory default Secure Boot database (including dbx).” Secure Boot uses databases for its allow and deny mechanisms. Specifically, the DBX database stores cryptographic hashes of rejected keys. Disabling Secure Boot or restoring the default values in the database allows attackers to remove restrictions that normally apply.

“It’s not uncommon and not uncommon to change the firmware in the OS,” said one firmware security researcher who didn’t want to be named. “Most people say that if you want to change a setting in the firmware or BIOS, you must have physical access to break the DEL button at boot and get into the settings and do the work. It would be great if the OS could do a few things.”

Disabling UEFI Secure Boot could allow an attacker to run malicious UEFI apps. This is usually not possible because Secure Boot requires UEFI apps to carry cryptographic signatures. Restoring the factory default DBX, on the other hand, could allow an attacker to load a vulnerable bootloader. Last August, researchers at security company Eclypsium identified three major software drivers that attackers could use to bypass Secure Boot when they have elevated privileges (admin in Windows or root in Linux).

The vulnerabilities can be exploited by tampering with variables in NVRAM, the non-volatile RAM that stores various boot options. They are the result of Lenovo inadvertently shipping laptops with drivers intended for manufacturing use only. Vulnerabilities include:

CVE-2022-3430: A potential vulnerability in the WMI Settings driver on some consumer Lenovo notebook devices could allow an attacker with elevated privileges to modify Secure Boot settings by changing NVRAM variables.

CVE-2022-3431: A potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo notebook devices, which was mistakenly not disabled, could allow an attacker with elevated privileges to modify Secure Boot settings by changing NVRAM variables.

CVE-2022-3432: A potential vulnerability in a driver used during the manufacturing process of the Ideapad Y700-14ISK, which was mistakenly not disabled, could allow an attacker with elevated privileges to modify the Secure Boot settings by adjusting NVRAM variables.

Lenovo is only patching the first two. CVE-2022-3432 will not be patched because the company no longer supports the affected, discontinued laptop model, the Ideapad Y700-14ISK. People with other vulnerable models should install the patch as soon as possible.
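An added example, not part of the original article and not Lenovo or ESET tooling: a defender's check for the two outcomes described above, Secure Boot switched off and dbx rolled back to a shorter factory list, by parsing the variables in the form Linux exposes through efivarfs. The `audit` and `make_dbx` helpers, the baseline set and the sample bytes are constructed for illustration; the GUIDs and the EFI_SIGNATURE_LIST layout come from the UEFI specification.

```python
import struct
import uuid

# Live input on Linux: /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
# and .../dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f (GUIDs from the UEFI specification).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

def variable_data(raw: bytes) -> bytes:
    """efivarfs prefixes each variable with a 4-byte attribute mask; drop it."""
    if len(raw) < 4:
        raise ValueError("short efivarfs read")
    return raw[4:]

def secure_boot_enabled(raw: bytes) -> bool:
    return variable_data(raw)[:1] == b"\x01"

def dbx_sha256_hashes(raw: bytes) -> set:
    """Walk the EFI_SIGNATURE_LIST structures in dbx, collecting SHA-256 entries."""
    data, off, found = variable_data(raw), 0, set()
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        end = off + list_size
        if list_size < 28 + hdr_size or end > len(data):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        if sig_type == EFI_CERT_SHA256_GUID:
            if sig_size != 48:  # 16-byte SignatureOwner GUID + 32-byte digest
                raise ValueError("unexpected SHA-256 entry size")
            for pos in range(off + 28 + hdr_size, end - 47, 48):
                found.add(data[pos + 16:pos + 48].hex())
        off = end
    return found

def audit(secure_boot_raw: bytes, dbx_raw: bytes, baseline: set) -> list:
    """Report the two outcomes the article describes: Secure Boot off, dbx rolled back."""
    findings = []
    if not secure_boot_enabled(secure_boot_raw):
        findings.append("Secure Boot is disabled")
    if missing := baseline - dbx_sha256_hashes(dbx_raw):
        findings.append(f"dbx lost {len(missing)} baseline hash(es)")
    return findings

def make_dbx(digests) -> bytes:
    """Constructed sample: one SHA-256 signature list with an all-zero owner GUID."""
    sigs = b"".join(bytes(16) + d for d in digests)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(sigs), 0, 48)
    return struct.pack("<I", 0x27) + header + sigs
```

Because dbx is only ever meant to grow, any baseline hash that disappears between two runs is worth investigating, even when Secure Boot still reports as enabled.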