
Earlier, we wrote several times about the ThinkPwn LPE vulnerability, which was discovered in one of the drivers of Lenovo UEFI firmware. The vulnerability was found by the security researcher known by the nickname Cr4sh and is considered quite dangerous, since it can compromise the most advanced Windows 10 protection mechanisms for boot and Hyper-V code, such as Secure Boot, Virtual Secure Mode (VSM) and Credential Guard. ThinkPwn is present in the SMM driver called SystemSmmRuntimeRt and allows an attacker to run their code in SMM. We also indicated that Lenovo issued the security notice LEN-8324 and began to gradually fix ThinkPwn in its UEFI firmware and release these updates for owners of Lenovo computers. This time it is the turn of firmware for Intel and HP computers, because ThinkPwn is relevant for them as well.
The vulnerability is relevant for Intel and HP because the code of this driver is not used only in Lenovo firmware. Lenovo, like other computer manufacturers, does not develop its UEFI / BIOS code itself but obtains it from third-party independent BIOS vendors (IBVs), so the vulnerable code is present in different models and series of computers from different manufacturers.
HP has issued a security notice with the identifier HPSBBHF3549 (ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege).
A number of security issues in the UEFI firmware, dubbed ThinkPwn, have been identified. The vulnerability could be exploited to run arbitrary code in System Management Mode, resulting in an elevation of privilege or denial of service.
Fig. The models of EliteBook and ProBook series notebooks for which ThinkPwn is relevant. The vulnerability is also relevant for HP Pavilion series notebooks.
Firmware updates for the notebook models listed in the notice can be downloaded from the HP website, hp.com, in the Support section by selecting the Download Drivers option. Then select the product, the OS and the BIOS version whose number is listed in the table, and download the update.
Intel also issued a security notice with the identifier INTEL-SA-00056 (SmmRuntime Escalation of Privilege). It indicates that ThinkPwn is relevant for server motherboards of the Intel Server Board S1200 / 1400 / 1600 / 2400 / 2600 / 4600 series. A firmware update will be released on September 19th.
Fig. Vulnerable versions of the Intel Server Board and update dates for them.

We recommend that users install the appropriate firmware updates for their computers in a timely manner.

Be secure.