The Russia-Ukraine conflict has been a hotbed of scams and hacks. Crooks will always take advantage of significant events to target fresh victims. Tap or click here for tips on five things you need to update now because of the Ukrainian war. When an update rolls out covering more than 100 models of a particular brand, it’s time to listen. Lenovo just released security updates covering more than a million laptops vulnerable to malware. Keep reading for ways to protect your computer.

Here’s the backstory

On Monday, Lenovo published information on three BIOS vulnerabilities affecting more than 100 laptop models. The company credits Martin Smolár from ESET for reporting these issues. In a related post, Smolár reveals that the first two vulnerabilities ESET researchers found, CVE-2021-3971 and CVE-2021-3972, affected drivers that were supposed to be used during the manufacturing process then deactivated before being shipped out. Unfortunately, they weren’t. Hackers can take advantage of these flaws to elevate user privileges and run commands and codes. ESET discovered the third vulnerability, CVE-2021-3970, may allow an attacker with local access and elevated privileges to execute arbitrary code. ESET reported the vulnerabilities to Lenovo on Oct. 11, 2021. Lenovo confirmed the vulnerabilities on Nov. 17 and published the security advisory on April 18, 2022.

A wide range of affected models

The list of vulnerable laptops includes ones under the IdeaPad, Legion, V15, Yoga and other lines. Here’s a list of 20 affected models:

Flex 3-11ADA05 LaptopL3-15IML05 Laptop L340-15IRH Gaming LaptopLegion 5 Pro-16ACH6 LaptopLegion 7-16ACHg6 LaptopLegion S7-15ACH6 Laptop Legion Y540-15IRH LaptopLegion Y545 Laptop Legion Y7000-2019 LaptopLenovo S14 G2 ITLS145-14API Laptop S540-13API Laptop Slim 7 Pro-14IHU5 LaptopSlim 9-14ITL05 Laptop V14 G1-IML Laptop V15 G1-IML LaptopV17 G2-ITL Laptop V340-17IWL LaptopYoga 7-14ACN6 LaptopIdeaPad 3-14IGL05 Laptop

Go to Lenovo’s security advisory for the full list.

Update your laptop now

Go to pcsupport.lenovo.com/us/en/ and select Detect Product to download and install the Lenovo Service Bridge to automatically detect your product’s serial number. You can also choose Browse Product to select your computer from the catalog. Once you have your product selected, take the following steps to download and install updates:

Click Drivers & Software on the left menu panel.Click on Manual Update to browse by Component type.Select BIOS/UEFI.Find your laptop on the table at Lenovo’s security advisory page. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site. Tap the download icon if the firmware matches the file from the table.

Keep reading

Time to update Chrome again – Steps to get the emergency patch Why you should update your smartphone ASAP