This means the vulnerabilities are not caused by a bug in the code but rather a practical error of including the incorrect driver on production devices. The problem arises from Lenovo mistakenly including an early development driver that could change secure boot settings from the OS in the final production versions. The consequences of running unsigned, malicious code before OS boot are significant, as threat actors can bypass all security protections to plant malware that persists between OS reinstallations. UEFI Secure Boot is a verification system that ensures no malicious code can be loaded and executed during the computer boot process. Lenovo has fixed two high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models that could allow an attacker to deactivate UEFI Secure Boot.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |