Researchers find Lenovo UEFI flaw that affects millions

2 min. read

Published onApril 19, 2022

published onApril 19, 2022

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Based on a news report byThe Hacker News, there are three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities, CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972 that have been identified to be affecting various Lenovo devices such as the Lenovo Flex, IdeaPads and Yoga laptops.

Originally, CVE-2021-3971, and CVE-2021-3972 were meant to be used during themanufacturing process of Lenovo consumer notebooks. However, they were mistakenly left in during the production of BIOS images without being deactivated first.

Attacks could gain access to these devices where they would be able to disable SPI flash protection or the UEFI Secure Boot feature from a privileged user-mode process during OS runtime.

However, on October 11 in 2021, the complaints were lodged to Lenovo, and yesterday they releasedpatches for the security vulnerabilitiesas highlighted below.

It is important to make use of these security patches to avoid being compromised in the future. The threats are initiated early during the boot process before the OS gains control. Therefore, the attackers will able to counter any security measures put in place.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Researchers find Lenovo UEFI flaw that affects millions#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Researchers find Lenovo UEFI flaw that affects millions