On July 3, iGuRu.gr posted a vulnerability to SMM BIOS that affects Lenovo devices (specifically ThinkPad and IdeaPad).
Today our company sent an official announcement - response to the article “ThinkPwn exploit Zero Day Secure Boot is gone! Lenovo ThinkPads are at risk. ”
We quote the email as we received it:
"Following a recent post on the issue of SMM vulnerability, we forward the official statement of the company:
Official Statement on Vulnerability of SMM
Lenovo's Product Security Incident Response Team (PSIRT) has been informed of allegations by an independent researcher about SMM BIOS vulnerability affecting certain Lenovo ThinkPad and IdeaPad devices.
PSIRT has made a lot of effort to work with the independent researcher with regard to this vulnerability, but without success.
We are working on developing a solution that will be announced as soon as it is available on the Lenovo Product Security Advisories web site.
https://support.lenovo.com/us/en/product_security/home”
Let us mention our finding of the company's interest in informing the public. We believe that direct consumer awareness of security issues by the company is a very professional practice, unfortunately not adopted by everyone.
Lenovo's well-established practice of informing the consumer public about safety issues and not hiding them "under the rug" confirms the company's priorities and awareness for the provision of high quality services in every field and especially in security.