ThinkPwn a security threat for the ThinkPad series

ThinkPwn a security threat for the ThinkPad seriesWindows security features such as Virtual Secure Mode, Secure Boot etc. are be contingent on low-level firmware been tamper-proof. An exploit that can disable the write-protection on critical firmware in ThinkPads from Lenovo.

The firmware labeled ThinkPwn was published earlier this week for which there is no patch available at the time of release. It targets flaw in the UEFI (Unified Extensible Firmware Interface) driver and giving access the hacker to execute rough codes in the SMM (System Management Mode) by disabling the write protection. UEFI is meant to standardize modern computer firmware through a reference specification. It is designed as a standby for the BIOS (Basic Input/Output System).

ThinkPwn is executed as a UEFI application which can be accomplished from a flash drive with the help of UEFI shell which require a physical connection to the machine. The PC manufacturers take enactments from IBVs (Independent Bios Vendors) and customize them themselves. Lenovo has betrothed its IBVs and Intel as well to classify and discard any vulnerabilities in the BIOS.

This susceptibility might affect other manufacturers as well. According to a report, the old Intel code having this kind of imperfection is present in the OEM of other IBVs.