The ThinkPwn vulnerability which has been in the news lately, which allows attackers to disable Secure Boot and bypass Virtual Secure Mode on Win10 Enterprise as well as disabling flash write protection turns out not to be yet another questionable Lenovo feature. Instead the problem lies with the motherboards UEFI, specifically the Intel System Management Mode implemented on Gigabyte motherboards. So far the issue has been located on Z68-UD3H, Z77X-UD5H, Z87MX-D3H, and Z97-D3H but it is possible that the vulnerability exists on far more motherboards, perhaps even beyond Gigabyte as the flaw is in the Intel code. The Register also postulates this could effect HP Pavilion machines as they use these boards as well.
"Gigabyte has been swept into turmoil surrounding low-level security vulnerabilities that allows attackers to kill flash protection, secure boot, and tamper with firmware on PCs by Lenovo and other vendors."
Here is some more Tech News from around the web:
- Microsoft wants to push biz users onto Windows 10 Enterprise Edition @ The Inquirer
- Build A 3D Printer Workhorse, Not an Amazing Disappointment Machine @ Hack a Day
- KDE Plasma 5.7 Released @ Slashdot
- Mac OS X malware threat lets hackers access webcams via Tor backdoor @ The Inquirer
- Word hole patched in 2012 is 'unchallenged' king of Office exploits @ The Register