Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Lenovo Patches UEFI Code Execution Vulnerability Affecting More Than 70 Laptop Models

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Lenovo Patches UEFI Code Execution Vulnerability Affecting More Than 70 Laptop Models


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: it.slashdot.org

Lenovo has released a security advisory to inform customers that more than 70 of its laptops are affected by a UEFI/BIOS vulnerability that can lead to arbitrary code execution. SecurityWeek reports: Researchers at cybersecurity firm ESET discovered a total of three buffer overflow vulnerabilities that can allow an attacker with local privileges to affected Lenovo devices to execute arbitrary code. However, Lenovo says only one of the vulnerabilities (CVE-2022-1892) impacts all devices, while the other two impact only a handful of laptops. "The vulnerabilities can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features," ESET explained. "These vulnerabilities were caused by insufficient validation of DataSize parameter passed to the UEFI Runtime Services function GetVariable. An attacker could create a specially crafted NVRAM variable, causing buffer overflow of the Data buffer in the second GetVariable call," it added. Lenovo has also informed customers about Retbleed, a new speculative execution attack impacting devices with Intel and AMD processors. The company has also issued an advisory for a couple of vulnerabilities affecting many products that use the XClarity Controller server management engine. These flaws can allow authenticated users to cause a DoS condition or make unauthorized connections to internal services.

Read more of this story at Slashdot.

...



๐Ÿ“Œ Lenovo Patches UEFI Code Execution Vulnerability Affecting More Than 70 Laptop Models


๐Ÿ“ˆ 79.32 Punkte

๐Ÿ“Œ Lenovo Patches UEFI Code Execution Vulnerability Affecting Many Laptops


๐Ÿ“ˆ 52.45 Punkte

๐Ÿ“Œ New UEFI firmware flaws impact over 70 Lenovo laptop models


๐Ÿ“ˆ 34.75 Punkte

๐Ÿ“Œ Lenovo UEFI Firmware Vulnerabilities Risk Numerous Laptop Models


๐Ÿ“ˆ 34.75 Punkte

๐Ÿ“Œ New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models


๐Ÿ“ˆ 28.57 Punkte

๐Ÿ“Œ New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models


๐Ÿ“ˆ 28.57 Punkte

๐Ÿ“Œ New Lenovo Notebook Models Affected By UEFI Firmware Vulnerabilities


๐Ÿ“ˆ 28.57 Punkte

๐Ÿ“Œ Three UEFI Firmware flaws found in tens of Lenovo Notebook models


๐Ÿ“ˆ 28.57 Punkte

๐Ÿ“Œ Lenovo patches UEFI firmware vulnerabilities impacting millions of users


๐Ÿ“ˆ 27.11 Punkte

๐Ÿ“Œ UEFI-Firmware-Schwachstelle betrifft รผber 70 Lenovo-Laptop-Modelle


๐Ÿ“ˆ 25.68 Punkte

๐Ÿ“Œ UEFI-Firmware-Schwachstelle betrifft รผber 70 Lenovo-Laptop-Modelle


๐Ÿ“ˆ 25.68 Punkte

๐Ÿ“Œ UEFI-Firmware-Schwachstelle betrifft รผber 70 Lenovo-Laptop-Modelle - WinFuture.de


๐Ÿ“ˆ 25.68 Punkte

๐Ÿ“Œ Netgear Patched Serious Vulnerability Affecting Multiple Router Models


๐Ÿ“ˆ 25.54 Punkte

๐Ÿ“Œ UEFI Firmware Parser - Parse BIOS/Intel ME/UEFI Firmware Related Structures: Volumes, FileSystems, Files, Etc


๐Ÿ“ˆ 24.97 Punkte

๐Ÿ“Œ UEFI Firmware Parser - Parse BIOS/Intel ME/UEFI Firmware Related Structures: Volumes, FileSystems, Files, Etc


๐Ÿ“ˆ 24.97 Punkte

๐Ÿ“Œ Bn-Uefi-Helper - Helper Plugin For Analyzing UEFI Firmware


๐Ÿ“ˆ 24.97 Punkte

๐Ÿ“Œ Point-of-Sale Firm Suffered Malware Attack Affecting More Than 130 Outlets


๐Ÿ“ˆ 24.88 Punkte

๐Ÿ“Œ Patch Plugs More Than a Dozen Vulnerabilities Affecting Industrial Secure Router Series


๐Ÿ“ˆ 24.88 Punkte

๐Ÿ“Œ The us government shutdown is affecting more than just physical sites like national parks and monuments.


๐Ÿ“ˆ 24.88 Punkte

๐Ÿ“Œ Wawa Announces Data Breach Potentially Affecting More Than 850 Stores


๐Ÿ“ˆ 24.88 Punkte

๐Ÿ“Œ Bitglass Security Spotlight: Wishbone App Breached, Affecting More Than 40 Million Users


๐Ÿ“ˆ 24.88 Punkte

๐Ÿ“Œ Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions


๐Ÿ“ˆ 24.08 Punkte

๐Ÿ“Œ New Ubuntu Kernel Update Patches a Single Vulnerability Affecting All Versions


๐Ÿ“ˆ 24.08 Punkte

๐Ÿ“Œ Adobe Patches Vulnerability Affecting Internal Systems


๐Ÿ“ˆ 24.08 Punkte

๐Ÿ“Œ Canonical Patches Dirty Sock Vulnerability Affecting Ubuntu, Other Linux Distros


๐Ÿ“ˆ 24.08 Punkte

๐Ÿ“Œ Lenovo Patches Arbitrary Code Execution Flaw


๐Ÿ“ˆ 23.49 Punkte

๐Ÿ“Œ Lenovo Patches High-Severity Arbitrary Code Execution Flaws


๐Ÿ“ˆ 23.49 Punkte

๐Ÿ“Œ AMD Preparing Patches for UEFI SMM Vulnerability


๐Ÿ“ˆ 23.31 Punkte

๐Ÿ“Œ Open Source is More Secure than Closed Source because Closed Source is More Secure than Open Source


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ Bug Trio Affecting Eight D-Link Models Leads to Full Compromise


๐Ÿ“ˆ 22.32 Punkte

๐Ÿ“Œ SmartTV Insecurity - details of vulnerabilities affecting Samsung D6000 series and Philips (2013 models) [27 May 2014]


๐Ÿ“ˆ 22.32 Punkte

๐Ÿ“Œ Disable TELNET! Cisco finds 0-Day in CIA Dump affecting over 300 Network Switch Models


๐Ÿ“ˆ 22.32 Punkte











matomo