Lenovo disclosed Multi-Vendor BIOS Security Vulnerabilities in September 2022 that affect multiple Lenovo devices. These are high severity vulnerabilities that have the potential of resulting in information disclosure, privilege escalation, and denial of service. Here are the related CVEs:
As part of its remediation efforts, Lenovo has fixed these issues with the latest BIOS updates for impacted devices. Please refer to: Lenovo System Update for Windows 11, 10 & 7 (32-bit, 64-bit) - Desktop, Notebook, Workstation.
Qualys helps streamline the patching process, enabling cybersecurity practitioners to write custom logic to detect vulnerable assets and remediate them by installing the Lenovo System Update.
Leverage Qualys Cyber Security Asset Management (CSAM) to create a dynamic tag for all Lenovo assets with operating systems such as Windows 7, 10, and 11 with 32-bit or 64-bit architecture. Use the following Qualys Query Language (QQL) strings:
(operatingSystem.name:'Windows 7' or operatingSystem.name:'Windows 10' or operatingSystem.name:'Windows 11') and (operatingSystem.architecture:`64-Bit` or operatingSystem.architecture:`32-Bit`) and hardware.manufacturer:'Lenovo'
Fig. 1: Dynamic tag named βLenovo system updateβ has been created mentioned QQL
Use Qualys Custom Assessment and Remediation to create scripts that check for vulnerable assets based on the BIOS version. Then distribute updates for software, drivers, and BIOS if the vulnerable BIOS version is detected.
Reference this script under Qualys Script Library on GitHub: Lenovo System Update for Windows Desktop, Notebook, Workstation. This script can be used to:
Add this script under Qualys Custom Assessment and Remediation, and then execute it on the asset tag created above.
Script execution will trigger a job to display the script output on each host.
Fig3: Script output on of the tagged assets
Using Qualys CSAM's exhaustive inventory information and our no-code scripting capabilities, it's easy to remediate vulnerable Lenovo devices.
If your organization is not yet a Qualys customer, make your Security Operations more productive and efficient within your enterprise's existing processes, programs, and workflows without relying on IT Ops. Stop inventing new security processes to address immediate threats by using one unified platform, and one dashboard.
Sign up for a no-cost trial of Qualys Custom Assessment and Remediation.