September 2022 Lenovo BIOS updates available for many computer models

Lenovo has published BIOS updates for virtually its entire line of computer models. Among other things, malicious code vulnerabilities have been fixed. If you own a Lenovo computer, you should ensure that the BIOS firmware is up to date.

Attackers could target multiple vulnerabilities and compromise your computer. The manufacturer rates the severity of the vulnerabilities as high.

The developers have fixed five security vulnerabilities. According to the official warning message, attackers need local access with extended rights in order to be able to successfully target the vulnerabilities. If so, they could leak information or even execute malicious code. Not all vulnerabilities affect all computer models.

If attackers successfully target a vulnerability, they could access the system management mode memory (SMM), among other things. This controls system-wide parameters such as hardware control and energy management. Access to the operating system would be conceivable via this.

To prevent attacks, the computer manufacturer has released secure firmware versions. These are available for countless models, including the desktop, smart office and ThinkPad series. Lenovo lists the affected models and current firmware versions here.

But not all security patches have been released yet. For some models like the ThinkCentre M720q, the updates are announced for the end of this month.