Up to 100 Lenovo laptops are a security risk — what now?

Several Lenovo laptops won't be patched, as they're nearing the end of support.

Credit: Dreamstime

Security firm ESET has found several UEFI vulnerabilities in a wide swathe of over 100 different Lenovo consumer laptop models, which can be patched by updating the notebook's firmware.

The full list of affected laptops includes the Ideapad-3, the Legion 5 Pro-16ACH6 H, and the Yoga Slim 9-14ITL0. ESET discovered the vulnerability late last year. Lenovo then worked to develop a patch and released it on the manufacturer's website. ESET didn't say whether these vulnerabilities were actively being exploited in the wild.

Specifically, the three different vulnerabilities would allow an attacker to modify either the protected boot settings or the firmware itself, a change that would survive the reinstallation of the operating system, ESET said. UEFI threats can be extremely stealthy and dangerous, the firm wrote. 

They are executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their OS payloads from being executed.

A third vulnerability in the SMI Handler code would allow an attacker with local access and elevated privileges to execute arbitrary code, giving them control of the machine.

To solve the problem, Lenovo recommends that users navigate to the support site (support.lenovo.com), which resolves to pcsupport.lenovo.com. The laptop manufacturer has addressed the vulnerability with a specific Web page devoted to it, where you can find this as well as supplementary information.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Lenovo

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Mark Hachman

Mark Hachman

PC World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?