Critical vulnerability discovered in Lenovo laptops
Millions of Lenovo users should update their notebooks' firmware as soon as possible, according to a warning from European security company ESET.
Security researchers from ESET discovered three vulnerabilities on Lenovo laptops that leave a barn door open for attackers. It would theoretically be possible to inject malware via the vulnerability that can manipulate the firmware of motherboards. This would allow hardware information to be read during operation. Since the UEFI is booted before the operating system, the vulnerability is particularly dangerous. ESET speaks of 100 affected Lenovo models.
The security researchers advise Lenovo laptop owners to check the list of affected devices and look for the appropriate firmware for their model. If no update is currently offered, ESET advises using a Trusted Platform Module (TPM) solution for full hard disk encryption.
According to ESET, all UEFI threats discovered in the last few years had to bypass or disable security mechanisms in some way.
Source: ESET
