Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

0day exploit bypasses Windows security features, affects Lenovo ThinkPads


0day exploit bypasses Windows security features, affects Lenovo ThinkPads

A zero-day exploit has been discovered in a Unified Extensible Firmware Interface (UEFI) driver, this exploit allows the attacker to remove the write protection that is on the flash memory, giving them open-ended access to run any scripts that they wish on the System Management Mode, which is normally a privileged operating mode for the CPU.

The exploit has been dubbed ThinkPwn, a play on words of ThinkPad and Pwned. Once the attacker has used ThinkPwn to open the machine to attack, they can disable Secure Boot which is used to verify the authenticity of an OS bootloader, in order to prevent rootkits at the boot-level. After Secure Boot is disabled, Windows security features can then be accessed and disabled, too. One of those features is Credential Guard, which is used to keep enterprise domain credentials secure, amongst other pieces of data.

Lenovo says that the affected code is not in its own UEFI file, but in one provided by an independent BIOS vendor (IBV). The extent of the security concern is not yet known. At the moment, it is only known to affect Lenovo ThinkPad machines, but it is a real possibility that other vendors and PC manufacturers could also be affected. Lenovo itself says the issue could be “industry-wide”. The only slightly positive in all of this is that, in order to attack a machine, you need physical access to it, as the UEFI can only be accessed physically, and would require a USB flash drive.

You can read more about the exploit by the researcher who discovered it <a href="http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html">here</a>


Comments
Futility's avatar
Futility 3 years ago

Cool stuff, can’t wait to see it! If y’all need anything to help ensure things run smoothly, you know how to reach me.

Mordak's avatar
Mordak 3 years ago

@Futility I have a task list the size of Texas to go over to get the deploy ready and then another todo list the same size once the deploy is done !!

I can say currently that we will be looking for volunteers to help with a huge number of things from front-end, graphics, SlackBots, Challenge Coding, testing, content writing, content conversion, moderators, and to be honest loads more. Going live is really just the start, once were live I will reach out for any help you can offer ! Thanks

Huitzilopochtli's avatar
Huitzilopochtli 3 years ago

A global pandemic and a new HBH, this has been the best year ever.