
Zero-Day Exploit Found in Lenovo ThinkPads Bypasses Windows Security Features

A vulnerability found in the UEFI driver of Lenovo's ThinkPad allows hackers to bypass new Windows security features and remove write protection on flash memory.


As revealed by researcher Dmytro Oleksiuk, a new zero-day exploit can disable the write protection on the device's flash memory, allowing the attacker to run scripts in System Management Mode.

Using this privileged mode usually reserved for the CPU, the hacker can then run scripts to disable SecureBoot, a protocol that verifies the OS bootloader to stop rootkits. From there, measures such as Credential Guard, a feature used to keep enterprise domain credentials and other data secure, can be disabled.

Lenovo has stated that the exploit is found not in its own code, but in code provided by an Independent BIOS Vendor (IBV). According to Oleksiuk, this means “it's 100% that there's others OEM's [Original Equipment Manufacturer's] that have this vuln in their products,” and could have consequences across the industry. The vulnerability appears to be present in reference code for its 8-series chipsets, but was fixed in 2014.

The Effects Moving Forward

Stating that several unsuccessful attempts were made to co-operate with the researcher before the exploit was posted to , Lenovo announced they have “actively undertaken [their] own investigation, which remains ongoing,” and will release a fix as soon as possible. They echo Oleksiuk's statement by confirming that they work with the industry's three largest IBVs and that the scope of impact is industry-wide.

The vulnerability currently requires physical access to the device, but the researcher warns on GitHub that it could be refined further to bypass this drawback through malware. He also confirms that one of his followers has had success running the code on an HP Pavilion laptop.

The full implications of the vulnerability and the number of devices it affects are still unclear. For now, users are recommended to wait for a fix and not do anything drastic, as similar techniques have been persistent even after the hard drive has been wiped.

You can keep up to date with the fix by checking Lenovo's Security Advisories page.

Ryan Maskell