Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

BIOS zero-day impacts Lenovo

  • 0
admin
Wednesday, 06 July 2016 / Published in Woo on Tech
Lenovo zero day warning

It wasn’t enough that one tech giant was making hot headlines because their products were literally a fire hazard, now computer manufacturer Lenovo is feeling the burn due to a recently disclosed vulnerability that could have a widespread impact on many of their computers. Dubbed “ThinkPwn” by its discoverer as a play on the popular Lenovo ThinkPad model, this particular weakness seems to impact the entire ThinkPad line going back several years as it’s a flaw embedded in the firmware of the chipset used in dozens of computer models, including, unfortunately, HP and motherboards made by component manufacturer Gigabyte, which are extremely popular amongst build-your-own PC enthusiasts. The ThinkPwn weakness appears within low-level code that provides core security infrastructure to the operating system that runs on top of it. If Microsoft Windows was your house, this code is a big crack in your foundation.

What this means for you:

Neither Lenovo or HP have disclosed which models are affected, but it seems widespread enough that Lenovo has issued an “industry-wide” warning. Presumably all affected manufacturers are working on security fixes, but none are available yet, so if you own an HP or Lenovo (or Gigabyte-powered PC), sit tight, make sure your antivirus is up to date, and remain vigilant.

How did this vulnerability come to impact so many computers? The hardware-layer code that powers the machine-OS interface (BIOS on older machines, UEFI on newer computers) is also written and updated by a small number of companies called Independent BIOS Vendors or IBVs, all of whom use a base set of code from chipset manufacturers like Intel and AMD. Like so many other widespread weakness, the proliferation of the flaw comes from everyone in the industry relying on a core set of code. Thank you, Mass Production!

bioslenovosecuritythinkpwnuefizero day

Recent Posts

  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...
  • The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    The $300 Laptop vs. The $1,300 Laptop: A Technology Investment Guide

    I have had this conversation more times than I ...
  • Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote Work Technology Setup: What Matters for Professional Services Firms

    Remote work is no longer a temporary arrangemen...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP