back to article Lenovo issues firmware updates after UEFI vulnerabilities disclosed

Security researchers have spotted fresh flaws in Lenovo laptops just months after the vendor patched a bunch of its products. The PC maker has now fixed the trio of bugs, which were flagged up by ESET this week. More than 70 models were impacted by this latest issue, including a number of ThinkBook devices. The vulnerabilities …

  1. Gene Cash Silver badge

    "asked Lenovo why this seems to keep happening"


    That's why I love El Reg so much.

  2. John Brown (no body) Silver badge

    For any who don't already know...

    ...go here ( end enter your serial number and then go to the driver & software section. The auto download will find all drivers and firmware updates and install them using their app which will be/can be downloaded, or manually update from the list of available updates. Lenovo may be as shonky as most OEMs, but they do provide pretty much everything you might need to update or repair their kit yourself in terms of drivers and documentation, something I find certain other brands are a lot more reticent about.

    (You may need to click the national flag at top right to select your local country)

    1. ITMA Silver badge

      Re: For any who don't already know...

      Except their Service Bridge and Lenovo Updater keep flagging a BIOS update on our X131e "door wedges" yet NONE of the methods for downloading and installing the BIOS update work.

      They all FAIL and have done for MONTHS.

      1. Roland6 Silver badge

        Re: For any who don't already know...

        The X131e (and all Thinkpads) isn't on the Lenovo list of laptops affected by this vulnerability (see link in article).

        However, I've also had BIOS/NVME/UEFI updates that have failed on first attempt this year.

        I found sequence to generally be reliable:

        1. ensure all other updates have been installed

        2. disable the AV software so that it doesn't restart on a reboot

        3. as local admin, install only one BIOS etc. update at a time.

        4. reboot and re-enable AV software.

        Only issue I've had is that it has taken a couple of loops around (allow a few days between each iteration) to get the NVME update to install.

    2. Anonymous Coward
      Anonymous Coward

      Re: For any who don't already know...

      Install the Lenovo System Update. It scans the drivers and firmware versions and you deselect components if necessary before patching. Fast and simple to use.

    3. Annihilator

      Re: For any who don't already know...

      It's certainly waaaay better than it used to be under IBM's remit and the early Lenovo days. I remember the P in the A it was to pull together the drivers required for a fresh Windows install (back when it all had to be done manually) on, say, an old T610. Selecting the right network drivers alone was a nightmare - have I got Intel WiMAX 6250 AGN, Intel Wireless LAN (11abgn, 11bgn, 11ac), Intel Wireless LAN (11bgn) or ThinkPad 11b/g/n Wireless LAN Mini-PCI Express Adapter II. Nothing evident on the machine itself. There are also driver selections for Huawei or Leadcore wireless drivers. The driver was also a self-executable that simply extracted all the files to C:\THINKPAD, so no downloading to a thumbdrive, it was download, run all the exe files, then copy to a thumbdrive and hope you had the right ones.

      In Lenovo's praise though, they're all still there in the end-of-life section:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like