Lenovo Patches UEFI Code Execution Vulnerability Affecting Many Laptops By Orbit Brain July 13, 2022 0 433 views Residence › Endpoint SafetyLenovo Patches UEFI Code Execution Vulnerability Affecting Many LaptopsBy Eduard Kovacs on July 13, 2022TweetLenovo has launched a safety advisory to tell prospects that greater than 70 of its laptops are affected by a UEFI/BIOS vulnerability that may result in arbitrary code execution.Researchers at cybersecurity agency ESET found a complete of three buffer overflow vulnerabilities that may enable an attacker with native privileges to affected Lenovo units to execute arbitrary code. Nonetheless, Lenovo says solely one of many vulnerabilities (CVE-2022-1892) impacts all units, whereas the opposite two affect solely a handful of laptops.“The vulnerabilities will be exploited to realize arbitrary code execution within the early phases of the platform boot, presumably permitting the attackers to hijack the OS execution stream and disable some vital safety features,” ESET defined.“These vulnerabilities had been attributable to inadequate validation of DataSize parameter handed to the UEFI Runtime Providers operate GetVariable. An attacker may create a specifically crafted NVRAM variable, inflicting buffer overflow of the Knowledge buffer within the second GetVariable name,” it added.Lenovo has additionally knowledgeable prospects about Retbleed, a brand new speculative execution assault impacting units with Intel and AMD processors.The corporate has additionally issued an advisory for a few vulnerabilities affecting many merchandise that use the XClarity Controller server administration engine. These flaws can enable authenticated customers to trigger a DoS situation or make unauthorized connections to inner providers.Firmware vulnerabilities should not unusual. Whereas a few of them are particular to the merchandise of a single vendor, researchers have additionally found vulnerabilities in third-party parts utilized by many producers.As an illustration, firmware safety firm Binarly not too long ago recognized practically two dozen vulnerabilities in InsydeH2O UEFI firmware code utilized by greater than 25 distributors, together with HP, Lenovo, Fujitsu, Microsoft, Intel, Dell, Bull and Siemens.Whereas Insyde Software program, the maker of InsydeH2O, patched the vulnerabilities after being notified by Binarly, it may take a while till the fixes are adopted by producers and attain hundreds of thousands of finish customers. The maker of modular and upgradable Framework laptops solely not too long ago knowledgeable prospects in regards to the availability of patches for these flaws.Associated: Firmware Flaws Permit Disabling Safe Boot on Lenovo LaptopsAssociated: Excessive-Severity UEFI Vulnerabilities Patched in Dell Enterprise LaptopsAssociated: HP Patches UEFI Vulnerabilities Affecting Over 200 Computer systemsGet the Every day Briefing Most LatestMost LearnLenovo Patches UEFI Code Execution Vulnerability Affecting Many LaptopsRetbleed: New Speculative Execution Assault Targets Intel, AMD ProcessorsDLL Hijacking Flaw Mounted in Microsoft Azure Web site RestorationMicrosoft Releases Open Supply Toolkit for Producing SBOMsBlockchain Safety Startup BlockSec Raises $eight MillionSAP Patches Excessive-Severity Vulnerabilities in Enterprise One ProductHonda Admits Hackers Might Unlock Automobile Doorways, Begin EnginesMicrosoft Patch Tuesday: 84 Home windows Vulns, Together with Already-Exploited Zero-DayEuropean Central Financial institution Head Focused in Hacking TryAdobe Patch Tuesday: Vital Flaws in Acrobat, Reader, PhotoshopIn search of Malware in All of the Incorrect Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Pc Says About YouBe in a Place to Act By way of Cyber Situational ConsciousnessReport Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice 12 months To Be a Scammer.Do not Let DNS be Your Single Level of Failure Determine Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so Engaging Defend In opposition to DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous EnterpriseShare this:FacebookXPrintEmailLinkedInRedditTwitterTumblrPinterestTelegramWhatsApp CVE-2022-1892 firmware lenovo patch UEFI vulnerabilities XClarity Controller Orbit Brainhttps://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy waysand much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
Oracle Fusion Middleware Vulnerability Exploited in the WildIntroducing the Cyber Security News Oracle Fusion Middleware Vulnerability Exploited in the Wild.... November 29, 2022 Cyber Security News
Estonia Blocks Cyberattacks Claimed by Russian HackersIntroducing the Cyber Security News Estonia Blocks Cyberattacks Claimed by Russian Hackers.... August 19, 2022 Cyber Security News
Uber Investigating Data Breach After Hacker Claims Extensive CompromiseIntroducing the Cyber Security News Uber Investigating Data Breach After Hacker Claims Extensive Compromise.... September 16, 2022 Cyber Security News
FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine AdsIntroducing the Cyber Security News FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads.... December 22, 2022 Cyber Security News
AWS Enables Default Server-Side Encryption for S3 ObjectsIntroducing the Cyber Security News AWS Enables Default Server-Side Encryption for S3 Objects.... January 9, 2023 Cyber Security News
US Indicts Iranians Who Hacked Power Company, Women’s ShelterIntroducing the Cyber Security News US Indicts Iranians Who Hacked Power Company, Women’s Shelter.... September 14, 2022 Cyber Security News
Pantera Capital Plans $250M Solana (SOL) Buy, Analyst Predicts Record Rally Toward $1000March 8, 2024 72