Business owners beware latest Lenovo flaw was originally posted to Nimbus CS, Northern Ireland
Lenovo PCs are very popular among businesses for their ruggedness, longevity and support. However, in recent years the machines have struggled with a couple of issues. Last year, small businesses and individual buyers found their machines pre-loaded with some spyware products, which seems at odds with the company's claim of a security-first focus. Now, here comes something that isn't the company's fault, but poses a greater threat. The new worry is caused by a new zero-day vulnerability. It can disable the protected areas of any Lenovo ThinkPad PC's firmware. The protected area plays host to a range of security features, including Microsoft Windows' Secure Boot, Virtual Secure Mode and the enterprise feature Credential Guard. [caption id="attachment_1270" align="aligncenter" width="500"]
Lenovo Thinkpad x100e by acidpix licensed under Creative commons 4[/caption] As it is a zero-day exploit, there is currently no fix, so all businesses running Lenovo PCs should be very careful about what files they open and sites they visit. The exploit was developed by a security researcher, who released it without telling Lenovo, so hackers will be quick to make use of it. Any active attack will probably appear in emails claiming to be an urgent driver update, since the hack involves the PC's Unified Extensible Firmware Interface (UEFI) driver. Anyone running it could soon find their PC open to other attacks and infected with hacker tools to steal information or use the PC to spy on other systems. This bug may also be tweaked by hackers to work on PCs other than Lenovo-branded products. Depending on the Intel chipset in the PC, some models may be secure against this particular threat - time will tell as researchers investigate. However, as with this and the many other threats out there, it is a timely reminder that now would be a very good time to improve your business's antivirus software, firewalls, email protection and other essentials. If your business hasn't considered professional support for its IT, we can help provide network, server and IT support. Hosted email and calendars can improve collaboration, while moving services to the cloud can help reduce costs and create a more flexible and secure IT environment for your business. Whatever your needs, get in touch before it is too late and disaster strikes.
No comments:
Post a Comment