Lenovo Patches UEFI Code Execution Vulnerability Affecting Many Laptops

By Orbit Brain, July 13, 2022, Cyber Security News

By Eduard Kovacs on July 13, 2022

Lenovo has released a security advisory to inform customers that more than 70 of its laptops are affected by a UEFI/BIOS vulnerability that can lead to arbitrary code execution.

Researchers at cybersecurity firm ESET discovered a total of three buffer overflow vulnerabilities that can allow an attacker with local privileges to affected Lenovo devices to execute arbitrary code. However, Lenovo says only one of the vulnerabilities (CVE-2022-1892) impacts all devices, while the other two impact only a handful of laptops.

“The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features,” ESET explained.

“These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable. An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call,” it added.

Lenovo has also informed customers about Retbleed, a new speculative execution attack impacting devices with Intel and AMD processors.

The company has also issued an advisory for a couple of vulnerabilities affecting many products that use the XClarity Controller server management engine. These flaws can allow authenticated users to cause a DoS condition or make unauthorized connections to internal services.

Firmware vulnerabilities are not uncommon. While some of them are specific to the products of a single vendor, researchers have also discovered vulnerabilities in third-party components used by many manufacturers.

For instance, firmware security company Binarly recently identified nearly two dozen vulnerabilities in InsydeH2O UEFI firmware code used by more than 25 vendors, including HP, Lenovo, Fujitsu, Microsoft, Intel, Dell, Bull and Siemens.

While Insyde Software, the maker of InsydeH2O, patched the vulnerabilities after being notified by Binarly, it can take some time until the fixes are adopted by manufacturers and reach millions of end users. The maker of modular and upgradable Framework laptops only recently informed customers about the availability of patches for these flaws.
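One way a flaw of the kind ESET describes can arise is that DataSize is an in/out parameter: a call that fails for lack of space rewrites it to the stored variable's length, and a second call that reuses it then copies more than the Data buffer holds. The C model below is an added example, not code from Lenovo, ESET or the original article; get_variable, the variable names and the store contents are hypothetical, and the guard-byte arena exists only so the overrun can be measured without leaving the array.

```c
#include <stddef.h>
#include <string.h>
/* Simplified model of GetVariable's in/out DataSize contract. All names are
   hypothetical and the variable store is constructed; not firmware code. */
enum { OK = 0, BUFFER_TOO_SMALL = 1, NOT_FOUND = 2 };
#define DATA_CAP 16   /* size the caller really allocated for Data */
#define ARENA    128  /* Data plus guard bytes, so the demo stays in its array */
#define GUARD    0xEE
struct nvram_var { const char *name; size_t len; unsigned char val[64]; };
static const struct nvram_var store[] = {
    { "Mode", 4,  { 1, 2, 3, 4 } },
    { "Cfg",  48, { 0 } },          /* longer than the caller expects */
};

static int get_variable(const char *name, size_t *size, unsigned char *data) {
    for (size_t i = 0; i < sizeof store / sizeof store[0]; i++) {
        if (strcmp(store[i].name, name) != 0) continue;
        size_t need = store[i].len;
        int fits = *size >= need;
        if (fits) memcpy(data, store[i].val, need);
        *size = need;               /* out: required or returned length */
        return fits ? OK : BUFFER_TOO_SMALL;
    }
    return NOT_FOUND;
}
/* Count guard bytes past DATA_CAP that were overwritten. */
static size_t spill(const unsigned char *arena) {
    size_t n = 0;
    for (size_t i = DATA_CAP; i < ARENA; i++) n += arena[i] != GUARD;
    return n;
}

/* Flawed pattern: the second call reuses the size the first call rewrote. */
size_t read_twice_unchecked(const char *name) {
    unsigned char arena[ARENA]; size_t size = DATA_CAP;
    memset(arena, GUARD, sizeof arena);
    get_variable(name, &size, arena);
    get_variable(name, &size, arena);
    return spill(arena);
}

/* Hardened pattern: reset size before each call, fail closed on any error. */
size_t read_twice_checked(const char *name, int *status) {
    unsigned char arena[ARENA]; size_t size = DATA_CAP;
    memset(arena, GUARD, sizeof arena);
    *status = get_variable(name, &size, arena);
    size = DATA_CAP;                /* never trust the updated value */
    if (*status == OK) *status = get_variable(name, &size, arena);
    return spill(arena);
}
```

With the constructed 48-byte "Cfg" variable, the unchecked pattern writes 32 bytes past the 16-byte Data region, while the checked pattern stops at BUFFER_TOO_SMALL and writes nothing.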