Lenovo devices are vulnerable to critical security flaws in System Management Mode that can allow persistent malware implants and bypass Secure Boot protections. Security patches and advisories are now available following Binarly’s discovery of these issues, highlighting ongoing firmware security risks.
Key points
- Six vulnerabilities were identified in Lenovo all-in-one desktops affecting System Management Mode (SMM).
- Four of these flaws are rated as high severity, enabling privilege escalation and code execution.
- The vulnerabilities can allow threat actors to bypass security measures like Secure Boot and SPI flash safeguards.
- Exploiting these flaws could result in persistent malware implants surviving system reinstallation.
- Lenovo has issued patches and is working with Binarly, which previously identified similar firmware vulnerabilities in other manufacturers' products.
Read More: https://www.securityweek.com/lenovo-firmware-vulnerabilities-allow-persistent-implant-deployment/