Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Zero-day exploit bypasses Windows security features, affects Lenovo ThinkPads

2 min. read

Published onJuly 2, 2016

published onJuly 2, 2016

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

A zero-day exploit has been discovered in a Unified Extensible Firmware Interface (UEFI) driver, this exploit allows the attacker to remove the write protection that is on the flash memory, giving them open-ended access to run any scripts that they wish on the System Management Mode, which is normally a privileged operating mode for the CPU.

The exploit has been dubbed ThinkPwn, a play on words of ThinkPad and Pwned. Once the attacker has used ThinkPwn to open the machine to attack, they can disable Secure Boot which is used to verify the authenticity of an OS bootloader, in order to prevent rootkits at the boot-level. After Secure Boot is disabled, Windows security features can then be accessed and disabled, too. One of those features is Credential Guard, which is used to keep enterprise domain credentials secure, amongst other pieces of data.

Lenovo says that the affected code is not in its own UEFI file, but in one provided by an independent BIOS vendor (IBV). The extent of the security concern is not yet known. At the moment, it is only known to affect Lenovo ThinkPad machines, but it is a real possibility that other vendors and PC manufacturers could also be affected. Lenovo itself says the issue could be “industry-wide”. The only slightly positive in all of this is that, in order to attack a machine, you need physical access to it, as the UEFI can only be accessed physically, and would require a USB flash drive.

You can read more about the exploit by the researcher who discovered ithere.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Radu Tyrsina