Many Lenovo computers can be infected with malware that is almost impossible to remove

Many Lenovo computers can be infected with malware that is almost impossible to remove

Lenovo has released security updates for over a hundred different laptop models. These remove a total of three very serious vulnerabilities in the computers UEFI/BIOS platform.

One of the vulnerabilities, CVE-2021-3971, allows an attacker to modify the protection zone of a computer’s firmware if the attacker has elevated privileges, i.e. administrator access. An attacker could exploit the CVE-2021-3970 vulnerability to gain this access.

In addition, the CVE-2021-3972 vulnerability allows a highly privileged attacker to modify the system’s Secure Boot settings.

Keeps damage hidden

These possibilities allow attackers to install malware that is difficult to detect as well as difficult to remove.

The two UEFI-related vulnerabilities are due to the fact that UEFI drivers intended for use during the manufacturing process are still available on delivered systems, without being properly disabled. This is written by the IT security company EsetWho discovered the vulnerabilities last fall. Lenovo was notified of it on October 11, 2021.

Initially, security updates and vulnerabilities details were scheduled to be released on February 8, but due to development issues, this has been delayed for more than two months.

consumer models

It is the consumer market laptop models that are primarily affected by the vulnerabilities. This includes a number of models in the IdeaPad, Legion, and Yoga families. Some computers are affected only by two of the three vulnerabilities. A full overview can be found at This page.

It is therefore necessary to install a BIOS update on the affected systems. This is usually not something that can be done through Windows Update. Instead, users should take the initiative to install the update.

See also  The Elon Musk satellite network is available in Norway

The easiest way is usually to use Lenovo’s Update Tool which is usually included on PCs, but can also be done manually by following the individual model-specific links in Lenovo’s overview.

Hanisi Anenih

Hanisi Anenih

"Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst."

Leave a Reply

Your email address will not be published. Required fields are marked *