UEFI Exploit Affects ThinkPads

If you're one of the millions of people that are running a ThinkPad laptop, keep reading. A "Zero Day" exploit has recently been discovered that manages to tunnel it's way in through the UEFI subsytem, bypass Windows security features and run and access scripts though the System Management Mode - and do a lot of damage. This exploit is called "ThinkPwn" as it currently affects ThinkPad laptops only. While it sounds bad, the exploit requires physical access to your computer, so at this point it will probably be somewhat easily contained. We'll try and keep you updated as more details emerge.

Lenovo says that the affected code is not in its own UEFI file, but in one provided by an independent BIOS vendor (IBV). The extent of the security concern is not yet known. At the moment, it is only known to affect Lenovo ThinkPad machines, but it is a real possibility that other vendors and PC manufacturers could also be affected. Lenovo itself says the issue could be “industry-wide”.

Source: WinBeta