In total, the vulnerabilities affect 25 devices across the ThinkBook, Yoga and IdeaPad ranges, although not all of these devices are affected by both vulnerabilities. As these devices are heavily used in business settings, the flaw could adversely affect employees and potentially lead to damage to sensitive data.
The flaw, which sits within a driver in the affected devices, allows attackers to alter a variable in non-volatile random access memory (NVRAM) and so modify the secure boot setting of a device. This was not due to an error in the code of the affected drivers, but rather because the affected devices were mistakenly equipped with drivers intended for use only during manufacturing, which have relaxed control over secure boot settings from within the OS.
Lenovo ThinkPad: UEFI settings bricks devices
When you use Intune to manage Autopilot devices, you can manage UEFI (BIOS) settings after they're enrolled using the Device Firmware Configuration Interface (DFCI). For an overview of benefits, scenarios, and prerequisites, see Overview of DFCI.
If you want to change existing DFCI settings on devices that are in use, you can. In your existing DFCI profile, change the settings, and save your changes. Since the profile is already assigned, the new DFCI settings take effect when: