YET ANOTHER LENOVO SECURITY BLUNDER
And not even your antivirus can save you
Computer manufacturer Lenovo has admitted that many of its PCS suffer from a newly discovered security flaw that could allow hackers to bypass Windows – and all your security software – andnd take control of your computer. ter.
An independent researcher her discovered the flaw in the Unified Extensible Firmwaree Interface (UEFI) driver useded in many of Lenovo’s PCS. Any attacker who was able to gain physical access to the PC could exploit the vulnerability to bypass the flash memory’s write protection, allowing them to take control of the PC before Windows has started.
Currently, only Lenovo Thinkpad models are thought to be affected, but because many PC makers source their components from the same companies, it’s possible that other models and manufacturers could suffer from the flaw. Lenovo claims the problem could even be “industry-wide” ( www.snipca.com/21126).
Lenovo is the biggest PC manufacturer in the world, shipping an estimated 57 million PCS worldwide in 2015, according to Gartner ( www.snipca.com/21123). But the Chinese firm has a chequered history when it comes to security. In February 2015, millions of Lenovo PCS were found to have unsafe adware known as Superfish pre-installed on them. And, only a few months later, another flaw was discovered in the Lenovo Solution Center tool that came loaded on many of the company’s best-selling PCS and laptops.
At the time of going to press, Lenovo hadn’t supplied a solution to the latest flaw, although the company says it is committed to working with its partners to “develop a fix that eliminates this vulnerability as rapidly as possible.” In the meantime, Lenovo recommends owners check its Product Security Advisory website ( www.snipca.com/21124) for further updates.