Lenovo Caught With Its Hand In The Vulnerability Jar Again


Another day, another security flaw, and again this time, the association who is the central issue, although this time, this may seem strange at Intel’s feet more than a laptop computer manufacturers fell.

security researchers Dymtro “Cr4sh” Oleksiuk share a security vulnerability, he Lenovo computer, as well as at least one detail made from HP. The vulnerability itself is theoretically could allow an attacker to find a solution built-in Microsoft Windows operating system’s basic security system in their own way, and the question itself is considered to be created by copying the code Intel creates a firmware drivers caused. It is for this reason that Intel may be the hook here.

For its part, Lenovo said, firmware itself is not creation, but a third party. No names or specific third-party accusations, Lenovo said it attempted to contact Oleksiuk directly before he made the information public, but failed. Lenovo does, however, went on to say that this is going to work to correct the problem relates to its partners along the way. You can bet your bottom dollar that one of these partners, will be Intel.

Although there has not been a huge recommends that the vulnerability could be placed there deliberately so that a back door to enter on their systems, Lenovo has said it will investigate what the vulnerable code was originally designed, this talk show about the possibilities within the company has been a.

code SMM vulnerabilities package was provided by Intel over the IBV to develop a common code base. Importantly, because the association did not develop and is still in a vulnerable SMM code to determine the original author’s identity in the process, it does not know its originally intended purpose. However, as part of ongoing investigations, Lenovo is engaged in all IBVs, and Intel confirm or rule out the presence of Lenovo BIOS to provide loopholes by other IBVs, any other instances, as well as the original intention of vulnerable code.


This is not the first time, Lenovo has caught transportation machines for suspicious applications and code Installation , so we expect it to pull out in order to make things better this time around all the stops

(source: Cr4sh [on GitHub] ).

You might also want to look at:

You can follow our microblogging , add us to your circle Google+ of or like our Facebook page , to keep yourself updated all the latest products from Microsoft, Google, Apple and networks.

Related stories

positions like this on Facebook