On July 3rd iGuRu.gr posted about a vulnerability in SMM BIOS that also affects Lenovo devices (specifically ThinkPad and IdeaPad).
Today the companys sent us an official announcement – a response to the article “ThinkPwn exploit Zero Day Secure Boot is gone! Lenovo ThinkPads are at risk. ”
We quote the email as we received it:
"Following a recent post on the issue of SMM vulnerability, we forward the official statement of the company:
Official Statement on Vulnerability of SMM
Lenovo's Product Security Incident Response Team (PSIRT) has been informed of allegations by an independent researcher about SMM BIOS vulnerability affecting certain Lenovo ThinkPad and IdeaPad devices.
PSIRT has made a lot of effort to work with the independent researcher with regard to this vulnerability, but without success.
We are working on developing a solution that will be announced as soon as it is available on the Lenovo Product Security Advisories web site.
https://support.lenovo.com/us/en/product_security/home”
To mention our finding about the company's interest in informing the public. We believe that the immediate information of the consumer public on issues security from the company is a very professional practice, which unfortunately is not adopted by everyone.
Lenovo's well-established practice of informing the consumer public about security issues and not hiding them "under the carpet" confirms the company's priorities and awareness of providing high service in every area and especially in better safety.