Zero-day exploit bypasses Windows security features, affects Lenovo ThinkPads


Jack Wilkinson, Jul 2, 2016

A zero-day exploit has been discovered in a Unified Extensible Firmware Interface (UEFI) driver. This exploit allows the attacker to remove the write protection that is on the flash memory, giving them open-ended access to run any scripts that they wish in System Management Mode, which is normally a privileged operating mode for the CPU.
 
The exploit has been dubbed ThinkPwn, a play on words of ThinkPad and Pwned. Once the attacker has used ThinkPwn to open the machine to attack, they can disable Secure Boot which is used to verify the authenticity of an OS bootloader, in order to prevent rootkits at the boot-level. After Secure Boot is disabled, Windows security features can then be accessed and disabled, too. One of those features is Credential Guard, which is used to keep enterprise domain credentials secure, amongst other pieces of data.
 
Full Article
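As an added example, not part of the original post or of the article it links to, the following PowerShell reports whether the two protections the post says ThinkPwn can switch off (Secure Boot and Credential Guard) are currently active on a Windows machine, and prints the BIOS/UEFI version so it can be compared against the vendor's advisory once firmware is released. It uses only built-in cmdlets and WMI classes (`Confirm-SecureBootUEFI` from the SecureBoot module, `Win32_DeviceGuard`, `Win32_BIOS`); the function name `Get-BootProtectionStatus` is my own.

```powershell
# Added example (not from the original post): report the state of the
# protections ThinkPwn is described as defeating. Run from an elevated
# PowerShell prompt on a Windows 10 or later UEFI system.

function Get-BootProtectionStatus {
    $result = [ordered]@{}

    # Firmware version, for comparison with the vendor's fixed-version list.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $result.Manufacturer = $bios.Manufacturer
    $result.BiosVersion  = $bios.SMBIOSBIOSVersion

    # Confirm-SecureBootUEFI throws on legacy-BIOS machines or without admin rights.
    try {
        $result.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        $result.SecureBootEnabled = "Unknown ($($_.Exception.Message))"
    }

    # Win32_DeviceGuard lists which virtualization-based protections are running:
    # 1 = Credential Guard, 2 = Hypervisor-enforced Code Integrity (HVCI).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
    if ($dg) {
        $result.CredentialGuardRunning = [bool]($dg.SecurityServicesRunning -contains 1)
        $result.HvciRunning            = [bool]($dg.SecurityServicesRunning -contains 2)
    } else {
        $result.CredentialGuardRunning = 'Unknown (Win32_DeviceGuard not available)'
        $result.HvciRunning            = 'Unknown (Win32_DeviceGuard not available)'
    }

    [pscustomobject]$result
}

# Usage: print the report. A SecureBootEnabled of False, or a
# CredentialGuardRunning of False on a host where it is expected, is the
# kind of drift an attack like the one described would produce.
Get-BootProtectionStatus | Format-List
```

Because the post stresses that the attack needs physical access and a USB drive, a periodic run of this check (for example at each scheduled update of a rarely used laptop) is a cheap way to notice if Secure Boot or Credential Guard has been turned off between uses.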

9 replies

Well, that is really not good at all...the whole idea of 'lowering' the level at which security is applied was to make it harder for the miscreants...but this seems to give them the keys to the safe. :(
An update, it seems to be taking other makes into the equation.
 
By Eduard Kovacs on July 04, 2016
 
A researcher has discovered a zero-day firmware vulnerability that can be exploited by malicious hackers to disable security features on Lenovo, HP and likely other PCs.

Researcher Dmytro Oleksiuk revealed last week that he had identified a privilege escalation vulnerability in the Unified Extensible Firmware Interface (UEFI) present on all Lenovo ThinkPad series laptops. UEFI is the successor of the Basic Input/Output System (BIOS) firmware interface.
 
Full Article
That is really bad news...and I suspect that these new additions will not be the last...unfortunately.
So is WSA on top of this for us already or will it be a while?  Or is it a patch that has to come from Lenovo?  I have one of the mentioned machines which I rarely use but once per month I do update everything and let the battery charge. Can the exploit migrate from the Lenovo to my two desktops.....Cybertron and Dell?

Good question, BlazeTen...I would assume that the Webroot Support Team are aware of this and will do what they can to mitigate the exploit...if WSA does not already. :D
 
But will be interesting to see what transpires here. ;)
As a ThinkPad user I was getting worried until I read the last sentence of the article that gave me a lot of reassurance:
 
"The only slightly positive in all of this is that, in order to attack a machine, you need physical access to it, as the UEFI can only be accessed physically, and would require a USB flash drive."
Thanks for that fellows.  I read the full article...almost...All is better now knowing that.
@ wrote:
Thanks for that fellows.  I read the full article...almost...All is better now knowing that.
I am glad to be of service to you all.

By Michael Mimoso July 5, 2016
 
A serious hardware vulnerability, thought to be confined to UEFI drivers in Lenovo and HP laptops, has also been found in firmware running on motherboards sold by Gigabyte. The flaw was publicly disclosed last week by researcher Dmytro Oleksiuk. No patches are yet available.
 
Full Article