Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Lenovo tries hard to get a fix for its BIOS security vulnerability

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

July 4, 2016

We learned today that some PC makers including Lenovo are exposed to a UEFI security issue that can be exploited to disable firmware write-protection on devices.

If the various claims made by Dmytro Oleksiuk at Github are valid (and they should be), an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, and bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.”

The reason Oleksiuk believes other PC vendors are also vulnerable is that the buggy code is inherited from Intel. He writes that the SystemSmmRuntimeRt was copied from Intel reference code.

For its part, Lenovo complains in its user advisory that it tried to make contact with Oleksiuk before he published the security vulnerability.

The company says the vulnerable System Management Mode (SMM) software came from an upstream BIOS vendor, making it likely that other vendors getting BIOS software from the same outlet will also be vulnerable.

There's also a hint that Lenovo agrees with a speculation by Oleksiuk, that the code may be an intentional backdoor-- “Lenovo is engaging all of its people as well as Intel to correctly identify or rule out any additional instances of the vulnerability's presence in the BIOS provided to Lenovo by other vendors, as well as the original purpose of the vulnerable code”.

Oleksiuk's Github publication includes various instructions for seeking out the vulnerable code.

Source: Dmytro Oleksiuk.

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer