Lenovo has fixed vulnerabilities in their computer firmware
Lenovo has fixed two important vulnerabilities in the system software of their computers. Vulnerabilities can be fixed by the update LEN-9903 (Intel ME protection not set on some Lenovo Notebooks and ThinkServer systems) and LEN-8327 (Microsoft Device Guard protection bypass). The first vulnerability with the identifier CVE-2016-8222 consists in incorrect configuration by Lenovo of system mechanism of the Intel chipsets – Intel Management Engine on some models of notebooks and ThinkServer computers.
The second vulnerability with identifier CVE-2016-8222 is somewhat similar to the famous previous ThinkPwn vulnerability. The vulnerability could allow an attacker to overwrite important system variables of BIOS and invoke SMM services of microprocessor operation mode, which means that attackers could get privileges at the level of minus the second ring (-2).
Regarding the Intel Management Engine (ME) technology has recently been written several articles on the internet. In short, this is a whole sub-system hardware and software from Intel in chipset, which allows you to control your computer, also remotely, regardless of the operating system, as well as if the computer is working at the moment or not. Intel ME uses system resources, including some regions of physical memory and hardware devices functions. At the same time, these resources are used by Intel ME should be suitably blocked from the influences of the outside, for example, an attacker who wants to modify the configuration parameters of the Intel ME with the purpose to run its own code on the highest minus third (-3) level of privileges of the microprocessor. Such protection of the physical memory region, Lenovo forgot to set initially.
Vulnerability refers to Local Privilege Escalation type (the LPE) and could allow an attacker to obtain the highest level of privileges minus the third ring (-3).
The Intel Management Engine (ME) is a set of hardware features developed by Intel that enable administrators to manage, repair and protect computers on their networks. During the manufacturing process, a setting is configured on the manufacturing line that locks regions of memory used by the ME and prevents them from being reconfigured. Lenovo has discovered that this protection was not enabled on certain Lenovo systems.
Update LEN-9903 is addressed to the following Lenovo notebook computer production:
- 110-14IBR/110-15IBR
- B70-80, E31-80, E40-80, E41-80, E51-80, G40-80, G50-80, G50-80 Touch
- Ideapad 300-14IBR/300-15IBR, Ideapad 300-14ISK/300-15ISK/300-17ISK, Ideapad 510S-12ISK
- K21-80, K41-80
- MIIX 710-12IKB, XiaoXin Air 12
- YOGA 510-14ISK/510-15ISK, YOGA 710-11IKB, Yoga 710-11ISK, Yoga 900-13ISK, YOGA 900S-12ISK
ThinkServer TS150 and ThinkServer TS450 Servers are also subject of the update.
The second vulnerability is present in one of the drivers of UEFI-firmware of ThinkPad notebooks and allows an attacker who has already received the highest administrator rights in the system, to go down to the minus second (-2) ring to run his own code in SMM mode.
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.
This vulnerability could allow an attacker to bypass Microsoft Device Guard protections for systems running Windows 10.
In turn, compromising SMM operation mode of the microprocessor allows an attacker to compromise a such protection technologies of Windows 10, which operate using virtualization mechanism, as a Device Guard and Credential Guard. Since virtualization subsystem runs on the ring -1 privileges, the SMM code will not be difficulty to bypass its defense mechanism.
We recommend to everyone to install the updates.
Related Posts
- Windows is no longer the most popular OS
- Warning: Mac-targeting ransomware
- 60% of Americans are cyber security experts
- Google and Samsung have fixed the vulnerability Dirty COW in Android firmware
- Hajime Trojan worm written in C can be controlled by P2P and infects IoT-devices
- HDDCryptor – ransomware which can overwrite the MBR on the victim’s computer
- Trojan, disguised as a guide for Pokemon Go has been installed more than 500 000 times!
- Researchers from Sophos have found a hacker, who has been infecting other hackers with his own malware
- Windows is no longer the most popular OS 04/04/2017
- Warning: Mac-targeting ransomware 02/24/2017
- 60% of Americans are cyber security experts 02/24/2017
- Lenovo has fixed vulnerabilities in their computer firmware 11/28/2016
- Google and Samsung have fixed the vulnerability Dirty COW in Android firmware 11/16/2016
- How to kill Search.searcheasysta.com browser hijacker? 04/07/2017
- Why you should stay away Www-searches.net 04/07/2017
- All you need to know about Spoutly ads 04/07/2017
- Is “Notice From Microsoft Corporation” real? 04/06/2017
- Fake WindowsUpdater Ransomware removal guide 04/06/2017
- What is Cltmng.exe? Is it dangerous? How to remove it? 08/26/2015
- What is GenericAskToolbar.dll? 08/08/2015
- What is fade.exe? How to remove it from my PC? 07/18/2015
- Details about Moxgfjabg.exe 07/18/2015
- What is Omigaplussvc.exe? 07/17/2015
This was fast, easy and found all of malware! Thanks a million! – Kiera Byrne
Here goes my personal recommendation. Very informative website – Nancy
Great experience! – Laura
Thanks for taking the time to make this working guide. It was very helpful – Anne F. Gosselin