Detected a security flaw in Lenovo's UEFI firmware, affecting 100 laptop models
Lenovo has just published a security advisory about vulnerabilities affecting the Unified Extensible Firmware Interface (UEFI) firmware installed on at least 100 of its laptop models.
A total of 3 security issues were discovered. Two of them allow hackers to disable protection for the SPI flash memory chip, where the UEFI firmware is stored, and to disable UEFI Secure Boot, which ensures that at startup the computer loads only code that is trusted by the OEM.
By successfully exploiting the third vulnerability, CVE-2021-3970, hackers can execute arbitrary code with elevated privileges.
All three vulnerabilities were discovered by ESET researchers and responsibly reported to Lenovo last year. They affect more than 100 consumer laptop models including the IdeaPad 3, Legion 5 Pro-16ACH6 H, Yoga Slim 0-14ITL05. This equates to millions of users using vulnerable devices.
Drivers installed by mistake
Researchers at ESET warn that two UEFI-related vulnerabilities (CVE-2021-3971 and CVE-2021-3972) can be used by hackers to successfully deploy and execute SPI flash or ESP implants.
Both UEFI-related security problems in Lenovo products stem from two drivers being installed by mistake. Specifically, drivers named SecureBackDoor and SecureBackDoorPeim, which were only used in the production process, were mistakenly installed on commercial devices.
Malicious UEFI code is very difficult to detect
According to ESET, UEFI-related threats are often very dangerous and difficult to detect. This is because they execute early in the boot process, before control is transferred to the operating system.
This means that all mitigations and security solutions that work at the operating system level are useless against them, and the hidden execution of their payloads is inevitable and undetectable.
Of course, it is still possible to detect this type of attack, but doing so requires more advanced techniques such as UEFI integrity checking, real-time firmware analysis, or monitoring device and firmware behavior for suspicious activity.
Security companies have identified two such implant attacks in the past, both of which were used by hackers in actual attacks:
- LoJax - discovered in 2018 and used by the Russian state-sponsored hacking group known under names such as APT28, Fancy Bear, Sednit, Strontium and Sofacy.
- ESPecter - discovered in 2021 and active since 2012.
However, these are not the only UEFI threats detected. Kaspersky has published reports on MosaicRegressor in 2020, FinSpy in 2021, and MoonBounce in January 2022.
To protect against attacks that exploit these vulnerabilities, Lenovo recommends that affected laptop users update the firmware to the latest version available.
This can be done by downloading and installing it manually from the device's support page or with the help of system driver update utilities provided by Lenovo.
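Because two of the flaws can be used to disable UEFI Secure Boot, a defender may also want to confirm what state the firmware reports once the update is installed. The following is an added example, not code from Lenovo or ESET: it parses the standard SecureBoot and SetupMode variables exposed by Linux efivarfs. It assumes a Linux host with efivarfs mounted; the function names and sample blobs are constructed for illustration, and the result only reflects what the firmware itself reports.

```python
import struct
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE

def parse_efivar(blob):
    """efivarfs layout: 4-byte little-endian attributes, then the data."""
    if len(blob) < 4:
        raise ValueError("entry shorter than its attribute header")
    (attrs,) = struct.unpack_from("<I", blob)
    return attrs, blob[4:]

def flag(blob):
    """Return a one-byte boolean variable as 0 or 1, None if absent or malformed."""
    if blob is None:
        return None
    try:
        _, data = parse_efivar(blob)
    except ValueError:
        return None
    return data[0] if len(data) == 1 and data[0] in (0, 1) else None

def secure_boot_state(secure_boot_blob, setup_mode_blob):
    """Combine both variables into one verdict for fleet reporting."""
    sb, sm = flag(secure_boot_blob), flag(setup_mode_blob)
    if sb is None or sm is None:
        return "unknown"       # legacy boot, efivarfs missing, or bad data
    if sb == 1:
        # SecureBoot=1 is only valid when a platform key is enrolled (SetupMode=0)
        return "enabled" if sm == 0 else "inconsistent"
    return "setup-mode" if sm == 1 else "disabled"

def read_var(name, root=EFIVARS):
    try:
        return (root / f"{name}-{GLOBAL_GUID}").read_bytes()
    except OSError:
        return None

def host_state():
    return secure_boot_state(read_var("SecureBoot"), read_var("SetupMode"))

# Constructed sample blobs: attributes 0x6 (boot-service + runtime access), one data byte
ON = struct.pack("<I", 0x6) + b"\x01"
OFF = struct.pack("<I", 0x6) + b"\x00"

if __name__ == "__main__":
    print("this host:", host_state())
    print("sample (SecureBoot=0, SetupMode=0):", secure_boot_state(OFF, OFF))
```

A "disabled" or "inconsistent" result on a machine that is expected to enforce Secure Boot is a reason to inspect its firmware settings and version.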