ESET: Millions Using Lenovo Laptops Potentially Vulnerable to Malware Attacks

The vulnerabilities could be in laptops used by businesses.

Edward Gately, Senior News Editor

April 20, 2022

3 Min Read
Vulnerability, 3 vulnerabilities

More than 100 models of Lenovo laptops used by millions globally contain vulnerabilities that could allow attackers to deploy and successfully execute unified extensible firmware interface (UEFI) malware.

ESET discovered the vulnerabilities and reported them to Lenovo last October. Lenovo sent us the following statement:

“Lenovo thanks ESET for bringing to our attention an issue in drivers used in the manufacturing of some consumer notebooks. The drivers have been fixed, and customers who update as described in the Lenovo advisory are protected. Lenovo welcomes collaboration with BIOS (firmware that runs while a computer boots up) researchers as we increase our investments in BIOS security to ensure our products continue to meet or exceed industry standards.”

ESET Discovers 3 Vulnerabilities

Tony Anscombe is chief security evangelist at ESET.


ESET’s Tony Anscombe

“If the vulnerability is exploited, there is potential that the bad actor could deploy threats such as LoJax or ESPecter,” he said. “Threats such as these allow the attacker to insert malware into the boot process of the operating system, thus circumventing many of the security measures that would be in place during a normal boot process.”

Lenovo markets the vulnerable devices to consumers, Anscombe said.

“However, small businesses or organizations that have less stringent rules on device types may be using consumer devices in a business environment,” he said. “All Lenovo users should check if their device is on the list.”

The first two of these vulnerabilities affect UEFI firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks. Attackers can disable SPI flash protections or the UEFI Secure Boot feature from a privileged user-mode process during OS runtime.

The third vulnerability allows arbitrary read/write from/into the special memory range (SMRAM). That can lead to the execution of malicious code with system management mode (SMM) privileges and potentially lead to the deployment of an SPI flash implant.

Extremely Stealthy and Dangerous

Martin Smolár is the ESET researcher who discovered the vulnerabilities in Lenovo laptops.


ESET’s Martin Smolár

“UEFI threats can be extremely stealthy and dangerous,” he said. “Our discovery demonstrates that in some cases, deployment of the UEFI threats might not be as difficult as expected.”

Threats can bypass almost all security measures and mitigations higher in the stack, according to ESET. It also appears that UEFI vulnerabilities are growing, and that bad actors are aware of this.

Ray Steen is chief strategy officer of MainSpring, a Washington, D.C., area managed IT service provider. He said Lenovo isn’t the first vendor to include “out-of-the-box” security vulnerabilities in its products. This leaves “countless workstations” susceptible to firmware-level attacks.

“In recent years, software and hardware supply chains have been sources of escalating risk, reminding us that cybersecurity cannot be an afterthought in the modern business environment,” he said.

Now more than ever, organizations need support from C-level cybersecurity professionals like CIOs and virtual CIOs, Steen said. They can evaluate vendors for security practices, implement patches and more.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like