One of the most well-known computer manufacturers in the world, Lenovo, recently declared that numerous laptops and desktops require immediate BIOS updates to protect them from significant security flaws. Six weaknesses have been discovered, although none have been acknowledged as having been used in any way.
The impacted devices are listed by Lenovo and include anything from desktops and all-in-ones to laptops and even servers. Various IdeaCentre, ThinkCentre, ThinkStation, ThinkSystem, Legion, M-series, V-series, and Yoga desktop and all-in-one models are among the available ones. Numerous laptop models, including the IdeaPad, ThinkPad, ThinkBook, Legion, Yoga, and Flex series, are also impacted.
Numerous computer models are impacted, so anyone who owns a Lenovo laptop, desktop, or server should check to see if their particular model is included.
The flaws might provide attackers elevated rights, unrestricted access to data, denial of service, or even the ability to execute arbitrary code. Lenovo does not identify the bugs by model, although not every model is impacted by every one. The five vulnerabilities CVE-2021-28216, CVE-2022-40134, CVE-2022-40135, CVE-2022-40136, and CVE-2022-40137 are all listed on the complete CVE list. There isn’t a CVE for this vulnerability, although American Megatrends released security updates for its AMI BIOS, which is utilised by Lenovo.
Lenovo supplied download links for the necessary updates. For IBM-branded products, visit IBM’s Fix Central page. For Lenovo products, search your model on the Lenovo support page. If you require additional assistance, Lenovo also has a tutorial page with detailed instructions for each model.
The crucial BIOS update for Lenovo was initially discovered by BleepingComputer. To keep your data, network, and computer secure, be sure to find out if your Lenovo laptop, computer, or server is impacted and upgrade as soon as you can.
