Critical Security flaw found in ThinkPads

Security researcher Dmytro Oleksiuk claims to have found a critical security flaw in ThinkPads that could allow attackers to bypass the basic security protections of Windows devices. The flaw allows arbitrary code execution in System Management Mode (SMM).

According to Oleksiuk, “Running of arbitrary System Management Mode code allows attacker to disable flash write protection and infect platform firmware, disable Secure Boot, bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise and do other evil things.”

The flawed firmware driver is said to have come from Intel. Oleksiuk believes that Lenovo’s ThinkPad series is not the only product line affected, and that Windows-powered devices from other OEMs that use the same vulnerable Intel code are affected as well.

Lenovo said its attempts to communicate with Oleksiuk before he made the vulnerability public failed. The company has now engaged all of its independent BIOS vendors (IBVs), as well as Intel, to identify and handle any other instances of the vulnerability in the BIOS provided to Lenovo by other IBVs.