Your Lenovo Is Vulnerable to a New Malware Attack
Lenovo laptop users need to install critical security patches immediately to fix several serious vulnerabilities that leave their devices vulnerable to dangerous malware attacks.
Why are Lenovo laptops vulnerable?
According to a recent Lenovo security bulletin , the manufacturer’s Unified Extensible Firmware Interface (UEFI) on more than 100 laptop models of the manufacturer has many bugs that hackers can use to write and install modified firmware with hidden malware, which in turn opens the device. – and data about it – for further operation. Given the nature of the errors, it is almost impossible to find and remove modified firmware or hidden malware installed on an infected device.
How can a hacker use Lenovo’s security system?
Although serious, an attacker would need local administrator access to successfully exploit the UEFI vulnerabilities, which is only possible with physical access to the vulnerable device or remote access through a virtual desktop program. Anyone with a smattering of cybersecurity knowledge will recognize the threat such bugs can pose to enterprise-grade Lenovo users and corporations that allow employees to use work machines remotely, but according to the list of affected devices, the vulnerabilities only appear on consumer-grade Lenovo laptops . where they are much less likely that some random attacker will get the needed access.
As Ars Technica points out, there are only a few known cases of hacking UEFI firmware: the infamous Trickbot malware; Lojax malware written by the Russian state hacker group Sednit; and a custom UEFI discovered by cybersecurity firm Kaspersky in 2018, though the only two targets were political figures from Asia.
So should I be worried?
While it is unlikely that these bugs will be used in real life, there is still cause for concern for the average user. Hackers often trick unsuspecting users into installing remote desktop software on their computers without realizing it, usually through phishing, fake ads, or modified downloads. In some cases, hackers can even elevate their user privileges to remotely install applications and firmware, and the millions of unpatched Lenovo laptops are now the perfect target.
How to update a Lenovo laptop
You can check which laptops are affected in the Lenovo Security Bulletin. If your laptop model is listed, please follow the links in the bulletin to download and install the corrected firmware on your computer. Downloads can also be found on Lenovo’s official support page .