It is always a good idea to update your computer’s operating system and software to the latest versions. This ensures that any security vulnerabilities are patched and that hackers can’t breach your data..
But sometimes, an update doesn’t go according to plan. This is what happened with Lenovo, as a seemingly routine firmware update left dozens of laptop models vulnerable to attack.
Read on about how this happened and what you can do about it.
Here’s the backstory
Where Microsoft rolls out updates for its operating system, laptop manufacturers develop firmware updates for computers’ internal components. These updates ensure that the components work as securely as possible without creating vulnerabilities.
But a recent factory-installed update to some Lenovo laptops disabled critical security features. Cybersecurity company ESET is credited for making the discovery.
A vulnerability used during the manufacturing process on some Lenovo Notebooks was mistakenly not deactivated. This may allow an attacker with elevated privileges to bypass the secure boot process and install malicious applications. Translation: Someone with the right know-how could take over your machine and plant malware.
The flaws are tracked as CVE-2022-3430, CVE-2022-3431 and CVE-2022-3432.
Now here’s the good news: A new update is available to fix these dangerous flaws.
Here are the models impacted by the flaw:
- D330-10IGL Laptop (ideapad)
- IdeaPad 5 Pro 16ARH7
- IdeaPad 5 Pro 16IAH7
- IdeaPad Duet 3 10IGL5
- Lenovo Slim 7 16ARH7
- Lenovo ThinkBook 15p IMH
- S540-15IML Laptop (ideapad)
- Slim 7 Pro 16ACH6 Laptop (IdeaPad)
- Slim 7-14ARE05 Laptop (ideapad)
- Slim 7-14IIL05 Laptop (ideapad)
- Slim 7-14ITL05 Laptop (ideapad)
- Slim 7-15IIL05 Laptop (ideapad)
- Slim 7-15IMH05 Laptop (ideapad)
- Slim 7-15ITL05 Laptop (ideapad)
- ThinkBook 13x ITG Laptop
- ThinkBook 14 G2 ARE Laptop
- ThinkBook 14 G2 ITL Laptop
- ThinkBook 14 G3 ACL Laptop
- ThinkBook 14 G3 ITL Laptop
- ThinkBook 14 G4 ABA Laptop
- ThinkBook 14 G4+ ARA
- ThinkBook 14 G4+ IAP Laptop
- ThinkBook 14p G3 ARH
- ThinkBook 14s Yoga ITL
- ThinkBook 15 G2 ARE Laptop
- ThinkBook 15 G2 ITL Laptop
- ThinkBook 15 G3 ACL Laptop
- ThinkBook 15 G3 ITL Laptop
- ThinkBook 15 G4 ABA Laptop
- ThinkBook 15P G2 ITH
- ThinkBook 16 G4+ ARA
- ThinkBook 16 G4+ IAP Laptop
- ThinkBook 16p G3 ARH
- ThinkBook 16p NX ARH
- ThinkBook Plus G2 ITG
- ThinkBook Plus G3 IAP
- Yoga Creator 7-15IMH05 Laptop (ideapad)
- Yoga Duet 7-13IML05
- Yoga Duet 7-13ITL6
- Yoga Duet 7-13ITL6-LTE
- Yoga Slim 7 Carbon 13ITL5 (ideapad)
- Yoga Slim 7 Pro 16ACH6 Laptop (IdeaPad)
- Yoga Slim 7 Pro 16ARH7
- Yoga Slim 7-13ACN05 Laptop (ideapad)
- Yoga Slim 7-13ITL05 Laptop (ideapad)
- Yoga Slim 7-14ARE05 Laptop (ideapad)
- Yoga Slim 7-14IIL05 Laptop (ideapad)
- Yoga Slim 7-14ITL05 Laptop (ideapad)
- Yoga Slim 7-15IIL05 Laptop (ideapad)
- Yoga Slim 7-15IMH05 Laptop (ideapad)
- Yoga Slim 7-15ITL05 Laptop (ideapad)
- ideapad 5 Pro-16ACH6 Laptop
- ideapad 5 Pro-16IHU6 Laptop
- ideapad Creator 5-16ACH6 Laptop
What you can do about it
You must update your computer immediately if you have any of the Lenovo laptops listed above. You might as well update even if you’re unsure about yours.
The update isn’t available as a normal download through the usual Windows channels, but it’s a simple installation process:
- On your Lenovo laptop, navigate to the support page at .
- Enter your laptop’s model number or product code into the search box and hit Enter or click the magnifying glass button.
- Alternatively, click on the Detect Product option, and the website will determine which laptop you have.
With either option, a Lenovo Service Bridge window will pop up to determine which drivers you have and which ones you still need. Remember that you might have to download the Lenovo Service Bridge software first.
Once the scanning process is complete, a new window will open that shows you which drivers, firmware and software updates are available. If you don’t see the latest UEFI firmware, click on Manual Update and then on BIOS/UEFI and download the file from there.