1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Lenovo ThinkPwn UEFI exploit also affects products from other vendors

Discussion in 'CSO' started by RSS, Jul 5, 2016.

  1. RSS

    RSS New Member Member

    A critical vulnerability that was recently found in the low-level firmware of Lenovo ThinkPad systems also reportedly exists in products from other vendors, including HP and Gigabyte Technology.

    An exploit for the vulnerability was published last week and can be used to execute rogue code in the CPU's privileged SMM (System Management Mode).

    This level of access can then be used to install a stealthy rootkit inside the computer's Unified Extensible Firmware Interface (UEFI) -- the modern BIOS -- or to disable Windows security features such as Secure Boot, Virtual Secure Mode and Credential Guard that depend on the firmware being locked down.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page