Lenovo Notebook BIOS Vulnerability

Security Alert:  4/25/22

As part of our ongoing effort to keep our users informed, please be aware of the recent vulnerability detected for Lenovo Notebooks.  If you have questions, or would like to have your machines reviewed, please contact our Help Desk. 

Potential Impact:  Privilege Escalation

Mitigation Strategy: Update system firmware to the version (or newer) indicated for your model in the Product Impact section.

Security Advisory for Lenova Notebook BIOS Vulnerabilities   The following vulnerabilities were reported in Lenovo Notebook BIOS.

• CVE-2021-3970: A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
• CVE-2021-3971: A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.
• CVE-2021-3972: A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

View a full summary description of the alert from the manufacturer Here.

While no company is entirely safe from these threats, having a comprehensive and ongoing endpoint security plan is a best practice for any business. Our comprehensive knowledge and application of endpoint security strategies will help protect your business. We stay up to the minute on the latest anti-virus and anti-malware programs and services to help maintain security and protect your data and network from various attacks. Contact us today to learn more about our endpoint security services.