U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Lenovo releases updates to fix Secure Boot flaw in servers and other issues

Lenovo has released security patches that address the High severity vulnerability CVE-2017-3775 in the Secure Boot function on some System x servers. The standard operator configurations disable signature checking, this means that some Server x BIOS/UEFI versions do not properly authenticate signed code before booting it. “Lenovo internal testing discovered some System x server BIOS/UEFI versions that, […]

Lenovo

Lenovo has released security patches that address the High severity vulnerability CVE-2017-3775 in the Secure Boot function on some System x servers.

The standard operator configurations disable signature checking, this means that some Server x BIOS/UEFI versions do not properly authenticate signed code before booting it.

“Lenovo internal testing discovered some System x server BIOS/UEFI versions that, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.” reads the security advisory.

“Lenovo ships these systems with Secure Boot disabled by default, because signed code is relatively new in the data center environment, and standard operator configurations disable signature checking.”

An attacker can exploit the vulnerability to execute unauthenticated code at the bootstrap of the affected system. The CVE-2017-3775 vulnerability impacts a dozen models, including Flex System x240 M5, x280 X6, x480 X6, x880, x3xxx series, and NeXtScale nx360 M5 devices.

Lenovo disclosed the complete list of impacted products and provided the related BIOS/UEFI update, it also explained that they ship with Secure Boot disabled by default.

Lenovo

Lenovo also issued a patch to address the CVE-2018-9063 buffer overflow in Lenovo System Update Drive Mapping Utility. -The flaw could be exploited by attackers for different kind of attacks, include the execution of arbitrary code on the target machine.

“MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) contains a local vulnerability where an attacker entering very large user ID or password can overrun the program’s buffer, causing undefined behaviors, such as execution of arbitrary code.” reads the security advisory.

“No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.”

The flaw could be easily exploited by an attacker entering very large user ID or password in order to overrun the program’s buffer. The attacker could potentially execute code with the MapDrv’s privileges.

Users need to update the application to Lenovo System Update version 5.07.0072 or later.

Users can launch Lenovo System Update to automatically checks for newer versions and accept the update if present, otherwise it is possible to manually update the application downloading the latest app version from the company website.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Lenovo System Update, CVE-2017-3775)

[adrotate banner=”5″]

[adrotate banner=”13″]