Lenovo updates BIOS to patch security holes for hundreds of device models
The BIOS vulnerabilities are of high severity and affect hundreds of devices of different models (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem).
If exploited, these vulnerabilities can lead to information disclosure, privilege escalation, denial of service, and in some cases arbitrary code execution.
Vulnerabilities mentioned in Lenovo's security advisory include:
- CVE-2021-28216: A pointer error in TianoCore EDK II BIOS (the UEFI reference implementation), allowing hackers to elevate privileges and execute arbitrary code.
- CVE-2022-40135: Information leak in Smart USB Guard SMI Handler, allowing hackers to read SMM memory.
- CVE-2022-40136: Information leak in SMI Handler used to configure platform settings via WMI, allowing hackers to read SMM memory.
- CVE-2022-40137: Buffer Overflow in the WMI SMI Handler, allowing hackers to execute arbitrary code.
- American Megatrends security improvements (no CVE code assigned).
SMM (Ring -2) is part of the UEFI firmware that provides system-wide functions such as low-level hardware control and power management.
Access to SMM can be extended to the operating system, RAM, and storage resources, which is why both AMD and Intel developed SMM isolation mechanisms to keep user data safe against low-level threats.
Remedies
Lenovo has fixed the issue in the latest BIOS updates for affected products. Most of the patches were released between July and August 2022.
Additional patches are expected to roll out in late September and October while a small number of devices will receive the patch next year. To see the details of the affected computer models and the BIOS firmware version that fixes the corresponding issue, you can access Lenovo's security message board via the link below:
Alternatively, Lenovo computer owners can visit Lenovo's software and driver download page, then search by product name, select manual update, and download the latest BIOS firmware version.
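For more than a handful of machines, the version check described above can be scripted. The following is an added example, not code from Lenovo or from the original article: it compares an inventory of installed BIOS versions against a table of minimum fixed versions taken from the advisory. The hostnames, machine types and version numbers are constructed placeholders, and it assumes the version string contains a numeric major.minor field.

```python
import csv
import io
import re

# Placeholder table: machine type -> minimum fixed BIOS version (major, minor).
# Constructed values; copy the real ones from Lenovo's advisory per model.
MIN_FIXED = {"TYPE-A": (1, 50), "TYPE-B": (2, 10)}

# Constructed inventory export. On a real host the version string comes from
# Win32_BIOS.SMBIOSBIOSVersion (Windows) or /sys/class/dmi/id/bios_version (Linux).
INVENTORY = """host,machine_type,bios_version
ws-001,TYPE-A,XXXET70W (1.53 )
ws-002,TYPE-A,XXXET61W (1.44 )
ws-003,TYPE-B,2.10
ws-004,TYPE-B,unknown
ws-005,TYPE-C,1.02
"""

VERSION_RE = re.compile(r"(\d+)\.(\d+)")


def parse_version(raw):
    """Return (major, minor) from the first dotted number in raw, else None."""
    match = VERSION_RE.search(raw)
    return (int(match.group(1)), int(match.group(2))) if match else None


def classify(machine_type, raw_version, min_fixed=MIN_FIXED):
    """Classify one host; anything that cannot be verified is never 'patched'."""
    required = min_fixed.get(machine_type)
    if required is None:
        return "not-in-table"      # model missing from the table: check advisory
    installed = parse_version(raw_version)
    if installed is None:
        return "unparseable"       # fail closed: needs manual review
    return "patched" if installed >= required else "needs-update"


def audit(inventory_csv=INVENTORY):
    """Map each hostname in the CSV inventory to its patch status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["machine_type"], r["bios_version"]) for r in rows}


if __name__ == "__main__":
    for host, status in audit().items():
        print(f"{host}: {status}")
```

Hosts reported as "unparseable" or "not-in-table" should be checked by hand against the advisory rather than treated as patched.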