ThinkPwn: Zero-Day Exploit Disables Secure Boot! Lenovo ThinkPads Are at Risk

ThinkPwn: A recently released exploit disables the write protection of critical firmware areas on Lenovo ThinkPads and, possibly, laptops from other vendors.

The exploit essentially disables many of Windows' new security features, such as Secure Boot, Secure Mode and Credential Guard, which depend on how well protected the firmware is.

Dubbed ThinkPwn, the exploit was published earlier this week by a researcher named Dmytro Oleksiuk. The researcher did not share his findings with Lenovo before the vulnerability was published. This makes it a zero-day, that is, an exploit for which no patches are available yet.

ThinkPwn targets a privilege escalation flaw in a Unified Extensible Firmware Interface (UEFI) driver, which allows an attacker to remove the flash write protection and run malicious code in SMM (System Management Mode), a privileged CPU mode.

According to Oleksiuk, the exploit can be used to disable Secure Boot, a UEFI feature that cryptographically verifies the authenticity of the OS bootloader to prevent boot-level rootkits. The exploit can also defeat Windows 10's Credential Guard feature, which uses virtualization-based security to prevent the theft of credentials. It can also do "other bad things," according to the researcher.

According to Lenovo, the vulnerability found by Oleksiuk was not in its own UEFI code, but in an application provided to the company by an external partner whom it did not name.

Please note that the problem has not yet been fully determined and that the vulnerability could affect vendors other than Lenovo. In ThinkPwn's release notes on GitHub, Oleksiuk reports that the vulnerability existed in the Intel reference code for 8-series chipsets but was not specified by 2014.

PoC: https://github.com/Cr4sh/ThinkPwn

Written by giorgos
