
Lenovo fixed vulnerabilities in the firmware of their computers

Lenovo fixed two important vulnerabilities in the system software of its computers. The vulnerabilities are fixed by the updates LEN-9903 (Intel ME protection not set on some Lenovo Notebook and ThinkServer systems) and LEN-8327 (Microsoft Device Guard protection bypass). The first vulnerability, with the identifier CVE-2016-8222, is an incorrect configuration by Lenovo of a system mechanism of the Intel chipset, the Intel Management Engine, on some models of laptops and ThinkServer computers.





The second vulnerability, identifier CVE-2016-8222, is somewhat similar to the previously known ThinkPwn vulnerability, which we already wrote about here. The vulnerability can allow an attacker to overwrite important system BIOS variables and invoke services of the microprocessor's SMM operating mode, i.e. at the privilege level of ring minus two (-2).



Intel Management Engine (ME) technology has been written about several times recently, including on habrahabr. In short, it is a complete software and hardware subsystem from Intel, located in the chipset, that allows a computer to be controlled, including remotely, regardless of the OS and of whether the computer itself is currently running. Intel ME uses system resources in its work, including some regions of physical memory and hardware functions of devices. These resources must be properly locked against outside influence, for example from an attacker who wants to modify Intel ME configuration parameters in order to run his code at the highest privilege level of the microprocessor, ring minus three (-3). It is exactly this protection for the region of physical memory that Lenovo initially forgot to set.


The vulnerability is of the Local Privilege Escalation (LPE) type and may allow an attacker to obtain the highest privilege level, ring minus three (-3).



The Intel Management Engine (ME) has been set up for hardware management. This is a process that will allow you to change the number of memory lines. This is what Lenovo systems discovered.


The LEN-9903 update applies to the following Lenovo notebooks.





ThinkServer TS150 and ThinkServer TS450 servers also need to be updated.



The second vulnerability is present in one of the drivers of the UEFI firmware of ThinkPad notebooks. It allows an attacker who has already obtained high administrator rights in the system to go down to ring minus two (-2) and run his code in SMM mode.



If you have any Windows administrator, you can get access to the system. BIOS variables or settings to be altered (such as the boot sequence). This option is not affected by this vulnerability.

This vulnerability could be used to bypass Microsoft Device Guard protections on systems running Windows 10.



In turn, a compromised SMM mode of the microprocessor allows an attacker to compromise Windows 10 protective technologies that operate using a virtualization mechanism, such as Device Guard and Credential Guard. Since the virtualization subsystem executes at privilege ring -1, it will not be difficult for SMM code to bypass its protection mechanism.



We recommend that users install the appropriate updates.




be secure.

Source: https://habr.com/ru/post/315744/


