Today, ESET announced that one of its researchers had discovered a number of vulnerabilities within Lenovo consumer laptops, impacting over a hundred different models and millions of users worldwide.
According to Martin Smolár, the malware analyst at ESET who identified the vulnerabilities, CVE-2021-3970, CVE-2021-3971 and CVE-2021-3972 can enable attackers “to disable security mechanisms and install their UEFI malware on the systems.”
In effect, this would enable an attacker to deploy UEFI-based malware such as LoJax and ESPecter.
“UEFI threats can be extremely stealthy and dangerous. They’re executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their operating system payloads from being executed,” Smolár said.
While the vulnerabilities only affect consumer Lenovo laptops, with more organizations embracing remote work following the COVID-19 pandemic, many employees are using consumer devices to work from home. In fact, research shows that 49% of employees still use personal computers for work.
As a result, the Lenovo vulnerabilities disclosed today could be used to gain access to an employee’s personal device, which an attacker can then use to harvest protected data or even work toward breaking into other devices on the network.
How dangerous is the UEFI malware threat?
In recent years, there have been a number of high-profile attacks that have involved UEFI threats, most recently at the end of last year, when Kaspersky SecureList discovered a UEFI firmware-level compromise within the logs of its Firmware Scanner.
In this instance, the hackers introduced an infection chain into the execution flow of the machine’s boot sequence to compromise the scanner.
At a high level, what makes UEFI malware threatening is that once an attacker infects a computer’s UEFI, they can take control of the device and access any files stored on it, at will. At the same time, the malware is not removed even if the user reinstalls the operating system or replaces the hard drive.
Although organizations shouldn’t ignore the Lenovo firmware vulnerabilities, Gartner analyst Peter Firstbrook highlights that the risk posed by these latest Lenovo vulnerabilities is minimal, due to how complex they are to exploit.
“The immediate risk is low. These are difficult vulnerabilities to exploit, some require privileged access and good endpoint protection solutions should detect the activity required to exploit the CVEs. However, for consumers that don’t patch, and don’t have behavioral endpoint protection, this could be a major long-lived problem,” Firstbrook said.
“Firmware implants are difficult to detect using standard antivirus software. In the long run, most organizations are not prepared for vulnerability detection and patching of firmware,” Firstbrook said.
What enterprises can do to fix the newfound Lenovo vulnerabilities
The only way to fix these new vulnerabilities is to update the laptop’s firmware. Lenovo has released a list of all affected devices, alongside instructions on how to update them, so that users can search for products by name or machine type and deploy manual updates to the affected components.
Though this is a simple process, in remote working environments where employees are using personal Lenovo devices things are more difficult, as security teams have to rely on employees to deploy the updates themselves.
The best way to encourage employees to deploy the updates is to send out an email notifying staff about the risks these vulnerabilities present to their personal information and the wider enterprise, alongside the list of affected devices released by Lenovo.