On July 3rd iGuRu.gr posted about a vulnerability in SMM BIOS that also affects Lenovo devices (specifically ThinkPad and IdeaPad).
Today the companys sent us an official announcement – a response to the article “ThinkPwn exploit Zero Day Secure Boot is gone! Lenovo ThinkPads are at risk. ”
We quote the email as we received it:
"Following a recent publication regarding theme vulnerability of SMM, we forward you the official statement of the company:
Official Statement on Vulnerability of SMM
Lenovo's Product Security Incident Response Team (PSIRT) has been informed of allegations by an independent researcher about SMM BIOS vulnerability affecting certain Lenovo ThinkPad and IdeaPad devices.
PSIRT has made a lot of effort to work with the independent researcher with regard to this vulnerability, but without success.
We are working on developing a solution which will be announced as soon as it is available, at by clicking here Lenovo Product Security Advisories web site.
https://support.lenovo.com/us/en/product_security/home”
Let us mention our finding of the company's interest in informing the public. We believe that direct consumer awareness of security issues by the company is a very professional practice, unfortunately not adopted by everyone.
Lenovo's well-established practice of informing the consumer public about safety issues and not hiding them "under the rug" confirms the company's priorities and awareness for the provision of high quality services in every field and especially in security.