July 1, 2016
A newly released exploit can disable the write protection of critical firmware areas in Lenovo ThinkPads and possibly laptops from other vendors as well. Many new Windows security features, like Secure Boot, Virtual Secure Mode and Credential Guard, depend on the low-level firmware being locked down.
The exploit, dubbed ThinkPwn, was published earlier this week by a researcher named Dmytro Oleksiuk, who did not share it with Lenovo in advance. This makes it a zero-day exploit — an exploit for which there is no patch available at the time of its disclosure.
ThinkPwn targets a privilege escalation flaw in a Unified Extensible Firmware Interface (UEFI) driver, allowing an attacker to remove the flash write protection and to execute rogue code in System Management Mode (SMM), a privileged operating mode of the CPU.