PC vendor Lenovo issues fixes for UEFI flaws discovered by ESET | Biden News

Global computer vendor Lenovo has fixed two vulnerabilities in some of its laptop models that could cause secure boot to be disabled, thereby exposing a user to the injection of malicious code at boot.

In advicethe company said the following three problems were reported in the UEFI firmware of its notebooks:

“CVE-2022-3430: A potential vulnerability in the WMI Configuration driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify a secure boot configuration by modifying an NVRAM variable.

“CVE-2022-3431: A potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not disabled could allow an attacker with elevated privileges to modify secure boot by modifying an NVRAM variable.

“CVE-2022-3432: A potential vulnerability in a driver used during production on the Ideapad Y700-14ISK that was mistakenly not disabled could allow an attacker with elevated privileges to modify a secure boot configuration by modifying an NVRAM variable.”

Slovak security outfit ESET discovered the vulnerabilities and said of them: “The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from OS.”

Safe startup is a feature of the Unified Extensible Firmware Interface, the replacement for the motherboard firmware or BIOS.

Microsoft implemented it for Windows 8 that was released back in October 2012, in a way that prevented other operating systems from launching on machines that have secure boot enabled.

An exchange of cryptographic keys occurs at boot time so that a system can verify that the operating system trying to boot is genuine, and not malware. There are more key exchanges along the way.

However, the touted invincibility of secure boot was ruined in August 2016, when two researchers cracked the technology, finding a so-called golden key that protected the function.

The researchers who posted their findings under their pseudonyms MY123 and Slipstream, wrote that a backdoor, “which Microsoft put into secure boot because they decided not to let the user disable it on certain devices, allows secure boot to be disabled everywhere”.

Regarding mitigation of the three flaws, Lenovo had the following advice: “For CVE-2022-3430 and CVE-2022-3431, update system firmware to the version (or newer) indicated for your model in the product Impact section.

“For CVE-2022-3432, the Ideapad Y700-14ISK has reached end of development support and no fixes will be released. Lenovo recommends customers adopt secure computing practices, including active system lifecycle management.”

It provided links for users to download the UEFI firmware fixes for products sold in China and other regions.

ENABLE HYBRID CLOUD & REDUCE NETWORK WHITEWASH

Hybrid cloud promises to bring the best of both worlds together by enabling businesses to combine the scalability and cost-effectiveness of the cloud with the performance and control you can get from your on-premises infrastructure.

Reducing WAN latency is one of the biggest issues with hybrid cloud performance. Utilizing compression and data deduplication can reduce your network latency.

Research firm Markets and Markets has predicted that the size of the hybrid cloud market will grow from $38.27 billion in 2017 to $97.64 billion by 2023.

Colocation facilities provide many benefits of having your servers in the cloud while still maintaining physical control of your systems.

Cloud adjacency provided by colocation facilities can enable you to take advantage of their low latency high bandwidth connections to the cloud as well as provide a solid connection back to your on-premises corporate network.

Download this white paper to find out what you need to know about enabling the hybrid cloud in your organization.

DOWNLOAD NOW!