Lenovo, a single of the most preferred personal computer suppliers in the earth, just announced that lots of of its laptops and desktops will need quick BIOS updates to secure them from critical safety vulnerabilities. 6 flaws have been found having said that, none have been described as currently being actively exploited therefore far.
Lenovo lists the affected types, which vary from desktops and all-in-types to laptops and even servers. Versions include numerous IdeaCentre, ThinkCentre, ThinkStation, ThinkSystem, Legion, M-sequence, V-collection, and Yoga desktops and all-in-types. A substantial quantity of laptops are influenced as perfectly, such as IdeaPad, ThinkPad, ThinkBook, Legion, Yoga, and Flex products.
There are hundreds of laptop types affected and absolutely everyone that owns a Lenovo laptop computer, desktop, or server should look at if their product is on the listing.
The vulnerabilities could direct to elevated privileges for attackers, unauthorized accessibility to details, denial of services, and even arbitrary code execution. Not every model is influenced by each individual bug detailed but Lenovo didn’t itemize by model. The entire CVE record reveals 5 vulnerabilities: CVE-2021-28216, CVE-2022-40134, CVE-2022-40135, CVE-2022-40136, and CVE-2022-40137. American Megatrends released protection enhancements for its AMI BIOS, which is applied by Lenovo, but there isn’t a CVE out there for this vulnerability.
Lenovo provided inbound links to download the expected updates. For Lenovo Merchandise, look for for your product on Lenovo’s assist site, and for IBM-branded products, search IBM’s Resolve Central web site. Lenovo also has a tutorial page with unique recommendations for each and every model if you require additional aid.
BleepingComputer very first spotted Lenovo’s critical BIOS update. Make guaranteed to look at if your Lenovo laptop, computer system, or server is afflicted and update as shortly as possible to retain your facts, network, and laptop or computer secure.