firmware security bug in many computers

<http://www.itnews.com.au/news/lenovo-hunts-bios-backdoor-bandits-430208>
<http://www.itnews.com.au/news/lenovo-thinkpad-zero-day-bypasses-windows-security-430090>
<https://github.com/Cr4sh/ThinkPwn>
<https://support.lenovo.com/ca/en/solutions/LEN-8324>

Summary: a call-out from SMM code can lead to privilege escalation. This code seems to have originated at Intel. Lots of machines will have this bug.

(SMM == System Management Mode, an almost secret and magical part of the firmware that can run at any time without the OS or user program knowing or controlling it. It has even more privilege than the kernel.)

I expect firmware updates from conscientious manufacturers for many, many systems.

I have no idea how easy this is to exploit.
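To make the "call-out" in the summary above concrete, here is a small user-space model of the bug class, written for this page and not taken from the thread, from ThinkPwn or from any vendor's firmware. The pattern is: an SMI handler makes an indirect call through a function pointer that is stored in memory outside SMRAM, so ring-0 code can rewrite the pointer and then trigger an SMI to get its own code run in SMM. The hardened handler refuses unless both the pointer table and the call target lie inside SMRAM. All addresses, the SMRAM size and the "code map" are constructed for the example; no real SMRAM or SMI is involved.

```c
/* smm_callout_model.c: a user-space model of an SMM "call-out".
 * Added example; not code from the thread, ThinkPwn or any firmware.
 * Every address below is made up for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t phys_addr_t;

/* Constructed memory layout. Real SMRAM (TSEG) lives wherever the chipset
 * places it and is locked against OS access; that is what we rely on. */
#define SMRAM_BASE         0x7F000000ull
#define SMRAM_SIZE         0x00800000ull            /* 8 MiB */
#define SMM_ROUTINE_ADDR   (SMRAM_BASE + 0x1000ull) /* firmware's own SMM code */
#define ATTACKER_CODE_ADDR 0x10000000ull            /* ordinary RAM; ring 0 can write it */
#define NVS_TABLE_ADDR     0x7E000000ull            /* e.g. ACPI NVS: outside SMRAM */
#define SMRAM_TABLE_ADDR   (SMRAM_BASE + 0x2000ull) /* same table, kept inside SMRAM */

typedef enum {
    RAN_NOTHING,           /* handler refused to make the call */
    RAN_SMM_ROUTINE,       /* the firmware's routine executed in SMM, as intended */
    RAN_ATTACKER_PAYLOAD   /* OS-writable memory executed in SMM: privilege escalation */
} run_t;

/* A function-pointer table the SMI handler consults, plus where it "lives". */
typedef struct {
    phys_addr_t where;   /* simulated physical address of the table itself */
    phys_addr_t entry;   /* simulated address of the routine to call */
} service_table_t;

/* Does [addr, addr+len) lie wholly inside SMRAM? Rejects zero length and wraparound. */
static bool in_smram(phys_addr_t addr, uint64_t len) {
    if (len == 0 || addr + len < addr) return false;
    return addr >= SMRAM_BASE && addr + len <= SMRAM_BASE + SMRAM_SIZE;
}

/* Stand-in for an indirect call: report what code lives at the target address. */
static run_t execute_at(phys_addr_t target) {
    if (target == SMM_ROUTINE_ADDR)   return RAN_SMM_ROUTINE;
    if (target == ATTACKER_CODE_ADDR) return RAN_ATTACKER_PAYLOAD;
    return RAN_NOTHING;
}

/* Vulnerable pattern: the handler trusts a pointer that ring 0 may have rewritten. */
static run_t smi_handler_vulnerable(const service_table_t *t) {
    return execute_at(t->entry);
}

/* Hardened pattern: the table and the call target must both be inside SMRAM. */
static run_t smi_handler_hardened(const service_table_t *t) {
    if (!in_smram(t->where, sizeof *t)) return RAN_NOTHING;  /* table is OS-forgeable */
    if (!in_smram(t->entry, 1))         return RAN_NOTHING;  /* this would be a call-out */
    return execute_at(t->entry);
}

/* The OS side of the attack: overwrite the pointer if the table is reachable. */
static service_table_t os_tampers_with_table(service_table_t t) {
    if (!in_smram(t.where, sizeof t))   /* only non-SMRAM memory is writable from the OS */
        t.entry = ATTACKER_CODE_ADDR;
    return t;                           /* next step would be to trigger an SMI */
}

run_t demo_vulnerable(void) {
    service_table_t t = { NVS_TABLE_ADDR, SMM_ROUTINE_ADDR };
    t = os_tampers_with_table(t);
    return smi_handler_vulnerable(&t);  /* attacker code runs in SMM */
}

run_t demo_hardened_tampered(void) {
    service_table_t t = { NVS_TABLE_ADDR, SMM_ROUTINE_ADDR };
    t = os_tampers_with_table(t);
    return smi_handler_hardened(&t);    /* refused: table lives outside SMRAM */
}

run_t demo_hardened_legit(void) {
    service_table_t t = { SMRAM_TABLE_ADDR, SMM_ROUTINE_ADDR };
    t = os_tampers_with_table(t);       /* no effect: SMRAM is not writable */
    return smi_handler_hardened(&t);    /* firmware routine runs as intended */
}

int main(void) {
    static const char *names[] = { "refused", "SMM routine", "ATTACKER PAYLOAD in SMM" };
    printf("vulnerable handler, tampered table: %s\n", names[demo_vulnerable()]);
    printf("hardened handler,   tampered table: %s\n", names[demo_hardened_tampered()]);
    printf("hardened handler,   SMRAM table:    %s\n", names[demo_hardened_legit()]);
    return 0;
}
```

The model deliberately checks two things: the target of the indirect call must be SMRAM code, and the memory the pointer was read from must itself be SMRAM, since an OS-writable table makes any later check on a stale copy moot. Real SMI handlers additionally have to validate pointers passed in by the OS in the other direction (buffers must lie outside SMRAM), which this example does not cover.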

On Sat, 9 Jul 2016 18:13:02 -0400 (EDT) "D. Hugh Redelmeier via talk" <talk@gtalug.org> wrote:

> <http://www.itnews.com.au/news/lenovo-hunts-bios-backdoor-bandits-430208>
> <http://www.itnews.com.au/news/lenovo-thinkpad-zero-day-bypasses-windows-security-430090>
> <https://github.com/Cr4sh/ThinkPwn>
> <https://support.lenovo.com/ca/en/solutions/LEN-8324>
>
> Summary: a call-out from SMM code can lead to privilege escalation. This code seems to have originated at Intel. Lots of machines will have this bug.

This is not a bug; it is more of a feature/functionality, and as with anything that makes things easy (as in power management, etc.), it also makes things less secure.

I do understand that for Lenovo this is a "bug", as they did not anticipate that this feature could be used to override their security (infiltrated by their own IBV).

A quick Google search confirms this...
http://phrack.org/issues/65/7.html

Not secret/mystical much...
www.intel.com/content/dam/www/public/us/en/documents/reference-guides/efi-smm-cis-v09.pdf

As always, YMMV.

Andre

> (SMM == System Management Mode, an almost secret and magical part of the firmware that can run at any time without the OS or user program knowing or controlling it. It has even more privilege than the kernel.)
>
> I expect firmware updates from conscientious manufacturers for many, many systems.
>
> I have no idea how easy this is to exploit.

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk
participants (2)
- ac
- D. Hugh Redelmeier