On July 3, iGuRu.gr published about a vulnerability στο SMM BIOS που επηρεάζει και Appliances of Lenovo (specifically the ThinkPad and IdeaPad).
Today our company sent an official announcement - response to the article “ThinkPwn exploit Zero Day Secure Boot is gone! Lenovo ThinkPads are at risk. ”
We quote the email as we received it:
"Following a recent post on the issue of SMM vulnerability, we forward the official statement of the company:
Official Statement on Vulnerability of SMM
Lenovo's Product Security Incident Response Team (PSIRT) has been informed of allegations by an independent researcher about SMM BIOS vulnerability affecting certain Lenovo ThinkPad and IdeaPad devices.
PSIRT has made a lot of effort to work with the independent researcher with regard to this vulnerability, but without success.
We are working on developing a solution that will be announced as soon as it is available on the Lenovo Product Security Advisories web site.
https://support.lenovo.com/us/en/product_security/home”
To mention our finding about the company's interest in informing the public. We believe that the immediate information of the consumer public about issues security by the company is a very professional practice, which unfortunately is not adopted by everyone.
Lenovo's well-established practice of informing the consumer public about safety issues and not hiding them "under the rug" confirms the company's priorities and awareness for the provision of high quality services in every field and especially in security.