One of your first lines of defense against malware is to keep your devices updated. Security patches fix bugs and vulnerabilities that hackers use to get into your system, so staying updated is crucial.
The Russia-Ukraine conflict has been a hotbed of scams and hacks. Crooks will always take advantage of significant events to target fresh victims. Tap or click here for tips on five things you need to update now because of the Ukrainian war.
When an update rolls out covering more than 100 models of a particular brand, it’s time to listen. Lenovo just released security updates covering more than a million laptops vulnerable to malware. Keep reading for ways to protect your computer.
Here’s the backstory
On Monday, Lenovo published information on three BIOS vulnerabilities affecting more than 100 laptop models. The company credits Martin Smolár from ESET for reporting these issues.
In a related post, Smolár reveals that the first two vulnerabilities ESET researchers found, CVE-2021-3971 and CVE-2021-3972, affected drivers that were supposed to be used during the manufacturing process then deactivated before being shipped out. Unfortunately, they weren’t. Hackers can take advantage of these flaws to elevate user privileges and run commands and codes.
ESET discovered the third vulnerability, CVE-2021-3970, may allow an attacker with local access and elevated privileges to execute arbitrary code.
ESET reported the vulnerabilities to Lenovo on Oct. 11, 2021. Lenovo confirmed the vulnerabilities on Nov. 17 and published the security advisory on April 18, 2022.
A wide range of affected models
The list of vulnerable laptops includes ones under the IdeaPad, Legion, V15, Yoga and other lines. Here’s a list of 20 affected models:
- Flex 3-11ADA05 Laptop
- L3-15IML05 Laptop
- L340-15IRH Gaming Laptop
- Legion 5 Pro-16ACH6 Laptop
- Legion 7-16ACHg6 Laptop
- Legion S7-15ACH6 Laptop
- Legion Y540-15IRH Laptop
- Legion Y545 Laptop
- Legion Y7000-2019 Laptop
- Lenovo S14 G2 ITL
- S145-14API Laptop
- S540-13API Laptop
- Slim 7 Pro-14IHU5 Laptop
- Slim 9-14ITL05 Laptop
- V14 G1-IML Laptop
- V15 G1-IML Laptop
- V17 G2-ITL Laptop
- V340-17IWL Laptop
- Yoga 7-14ACN6 Laptop
- IdeaPad 3-14IGL05 Laptop
Go to Lenovo’s security advisory for the full list.
Update your laptop now
Go to pcsupport.lenovo.com/us/en/ and select Detect Product to download and install the Lenovo Service Bridge to automatically detect your product’s serial number.
You can also choose Browse Product to select your computer from the catalog. Once you have your product selected, take the following steps to download and install updates:
- Click Drivers & Software on the left menu panel.
- Click on Manual Update to browse by Component type.
- Select BIOS/UEFI.
- Find your laptop on the table at Lenovo’s security advisory page. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site. Tap the download icon if the firmware matches the file from the table.