Remediate Your Vulnerable Lenovo Systems with Qualys Custom Assessment and Remediation

Lavish Jhamb

Last updated on: December 19, 2022

Lenovo disclosed Multi-Vendor BIOS Security Vulnerabilities in September 2022 that affect multiple Lenovo devices. These are high severity vulnerabilities that have the potential of resulting in information disclosure, privilege escalation, and denial of service. Here are the related CVEs:  

  • CVE-2021-28216 – Tianocore reported a fixed pointer vulnerability in TianoCore EDK II BIOS that may allow an attacker with local access and elevated privileges to execute arbitrary code  
  • CVE-2022-40137 – A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code  
  • CVE-2022-40134 – An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory 
  • CVE-2022-40135 – An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory
  • CVE-2022-40136 – An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory  

As part of its remediation efforts, Lenovo has fixed these issues with the latest BIOS updates for impacted devices. Please refer to: Lenovo System Update for Windows 11, 10 & 7 (32-bit, 64-bit) – Desktop, Notebook, Workstation.

How Qualys Can Help 

Qualys helps streamline the patching process, enabling cybersecurity practitioners to write custom logic to detect vulnerable assets and remediate them by installing the Lenovo System Update. 

Qualys CSAM with External Attack Surface Management 

Leverage Qualys Cyber Security Asset Management (CSAM) to create a dynamic tag for all Lenovo assets with operating systems such as Windows 7, 10, and 11 with 32-bit or 64-bit architecture. Use the following Qualys Query Language (QQL) strings:  

(operatingSystem.name:'Windows 7' or operatingSystem.name:'Windows 10' or operatingSystem.name:'Windows 11') and (operatingSystem.architecture:`64-Bit` or operatingSystem.architecture:`32-Bit`) and hardware.manufacturer:'Lenovo' 
Fig. 1: Dynamic tag named ‘Lenovo system update’ has been created mentioned QQL 

Qualys Custom Assessment and Remediation 

Use Qualys Custom Assessment and Remediation to create scripts that check for vulnerable assets based on the BIOS version. Then distribute updates for software, drivers, and BIOS if the vulnerable BIOS version is detected. 

Reference this script under Qualys Script Library on GitHub: Lenovo System Update for Windows Desktop, Notebook, Workstation. This script can be used to:  

  • Check for vulnerable BIOS version on host 
  • Check for the latest Lenovo system update version, if a vulnerable BIOS version is detected 
  • Push the critical and recommended updates based on system update version 5.7.0.139 or greater  
  • Install the latest system update (i.e. system_update_5.07.0139.exe) and push the Critical and Recommended updates 
  • Patch and reboot 

Add this script under Qualys Custom Assessment and Remediation, and then execute it on the asset tag created above. 

Script execution will trigger a job to display the script output on each host. 

Fig3: Script output on of the tagged assets 

Conclusion 

Using Qualys CSAM’s exhaustive inventory information and our no-code scripting capabilities, it’s easy to remediate vulnerable Lenovo devices.  

If your organization is not yet a Qualys customer, make your Security Operations more productive and efficient within your enterprise’s existing processes, programs, and workflows without relying on IT Ops. Stop inventing new security processes to address immediate threats by using one unified platform, and one dashboard.  

Try It for Free  

Sign up for a no-cost trial of Qualys Custom Assessment and Remediation

Read More: 

Contributors

  • Mukesh Choudhary, Compliance Research Analyst, Qualys
  • Mohd Anas Khan, Compliance Research Analyst, Qualys
Share your Comments

Comments

Your email address will not be published. Required fields are marked *