Table of contents
- Does Lenovo have security issues?
- Driver security risk for Lenovo laptop users
- Vulnerabilities related to BIOS in Lenovo laptops
- Updating the BIOS of Lenovo laptops
- Affected Models
- Is Lenovo Safe?
Does Lenovo have security issues?
Some Lenovo laptops have serious security concerns that could let hackers alter the boot settings and firmware.
Lenovo lists over 70 vulnerabilities on its website. There are several of them below.
| ID | Summary |
|---|---|
| CVE-2022-3430 | WMI Setup driver vulnerability |
| CVE-2022-3431 | Secure boot settings vulnerability |
| CVE-2022-3432 | Ideapad Y700-14ISK boot setting vulnerability |
| CVE-2021-3971 | UEFI driver vulnerability |
| CVE-2021-3972 | UEFI driver vulnerability |
Luckily, you can fix almost all of the Lenovo security issues by installing the latest firmware updates from the Lenovo website.
You can also use Clario AntiSpy to check your device for malicious apps and secure your online privacy:
- Download Clario AntiSpy and get a subscription to create an account.
- Go to Anti Spy scan > Start scan.
- Wait for the scan to complete and follow the on-screen instructions on how to get rid of the threats on your computer.
Driver security risk for Lenovo laptop users
Lenovo, like many other major manufacturers, has faced driver security vulnerabilities in the past. For example, in late 2021, Lenovo discovered two data protection vulnerabilities that were introduced into the BIOS image of some of their computers.
We’ll explain some key vulnerabilities below, as well as how you can update and secure your Lenovo laptop.
Vulnerabilities related to BIOS in Lenovo laptops
Many security vulnerabilities facing Lenovo laptops affect the Unified Extensible Firmware Interface (UEFI) secure boot process. Some examples include:
- CVE-2021-3971 and CVE-2021-3972: Two (UEFI) drivers that were only meant to be used while the laptops were being built, but ended up sticking around in the firmware and allowing hackers to install malware while the system boots up.
- CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432: Lenovo Notebook BIOS vulnerabilities that let attackers modify secure boot settings.
Updating the BIOS of Lenovo laptops
To update your Lenovo laptop and remove these vulnerabilities, do the following:
- Navigate to support.lenovo.com.
- Select View PC Support, then use the search bar to find your laptop model.
- Click on Drivers & Software in the left-hand panel.
- Select Select Drivers under Manual Update.
- Perform all recommended updates, starting with the BIOS/UEFI updates.
Affected Models
Below is the complete list of affected Lenovo models. If your laptop is on this list, we recommend following the instructions above to update your firmware as soon as possible. If you’ve already fallen victim, here’s what to do if your computer has been hacked.
Is Lenovo Safe?
All laptops, including Lenovo, could potentially have firmware vulnerabilities that allow hackers to interfere with the system even before the operating system loads. To help ensure firmware security, you should consistently check and use the updates that Lenovo releases. In the meantime, don’t forget to use Clario AntiSpy to protect your devices from intrusive spyware.
