Millions of Lenovo laptop users are in danger-Information Technology

Recently, security researchers at ESET have discovered 3 critical vulnerabilities in more than 100 Lenovo laptop models, affecting millions of users.

All three vulnerabilities allow attackers to gain top-level permissions on the computer in one way or another. According to the researchers, the vulnerability affects more than 100 different laptop models, however, fortunately Lenovo has started releasing patches to fix the problem.

Many Lenovo laptop models suffer from security holes. Photo: Lenovo

– CVE-2021-3970: A potential vulnerability in the LenovoVariable SMI Handler that allows an attacker to gain access and execute arbitrary code with elevated privileges.

– CVE-2021-3971: A potential vulnerability caused by an outdated driver that allows an attacker to modify the firmware protected area.

– CVE-2021-3972: A potential vulnerability caused by mistakenly disabled drivers, allowing attackers to modify secure boot related settings.

Three vulnerabilities were discovered affecting laptop models such as Lenovo Flex, IdeaPads, Legion, V14, V15 and V17 series, and Yoga.

“UEFI threats can be extremely stealthy and dangerous,” said ESET researcher Martin Smolár. They are executed early in the boot process, before control is transferred to the operating system, which means they can bypass most security measures.”