Lenovo Patches Arbitrary Code Execution Flaw

Lenovo Patches Arbitrary Code Execution Flaw (May 7, 2018)

Lenovo has addressed two security updates that address vulnerabilities which affect products in its “ThinkPad” line and “System x” servers. This first vulnerability addressed lies in “Secure Boot,” which is registered as “CVE-2017-3775,” and is rated as high-severity. The second vulnerability, registered as “CVE-2018-9063,” is a buffer overflow vulnerability rated as medium-severity.

Recommendation: Users and administrators should visit Lenovo’s Security Advisories, located here “https://support.lenovo.com/us/en/product_security/home,” and apply the necessary updates if they have not been already.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.