One of the security researchers of ESET company noticed a few months ago that some laptops made by Lenovo have vulnerable UEFI and according to the news agency NeowinA new set of three similar vulnerabilities has been found in Lenovo laptops.
These laptops use Windows 11 and Windows 10 operating systems by default. Lenovo details these vulnerabilities has published which are known as CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432 in the vulnerability database.
According to Lenovo, the CVE-2022-3431 vulnerability was deliberately created during production for testing purposes, and the company may not have fixed the vulnerability in a number of laptops. The CVE-2022-3432 vulnerability is found in the old Ideapad Y700-14ISK laptop.
New vulnerabilities found in the Driver Execution Environment (DXE) of Lenovo laptops allow hackers to disable Secure Boot by modifying NVRAM values.
Lenovo has requested its users to update the BIOS of the device. The company says the Ideapad Y700-14ISK laptop has reached the end of its software support cycle and will not receive any new updates.
Source link
