Lenovo UEFI Shenanigans Again

(Mods feel free to move this if there is a better category).

So I learned something about UEFI and Windows 8 today. There is a UEFI extension called Windows Platform Binary Table that is present in UEFI as far back as 2011 and Windows 8 or newer will automatically run/install this executable if it finds it. Whaaaaaaaa?

Lenovo apparently needed that functionality on Windows 7 and hacked the crap out of the UEFI to replace the autochk.exe file with a Lenovo version from the UEFI.

This really sucks, and seems crazy to me?

http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=ddf3e32512932172454de515091db014#p29497693

You can check your system (win8) for vendor-installed binaries from the UEFI [from the article]:
Windows 8 and up: Check your event log for "Microsoft-Windows-Subsys-SMSS" and if you see "A platform binary was successfully executed." your PC vendor is doing this. Or, look for a file called wpbbin.exe in windows\system32. (This file would ONLY exist if Windows found it in your firmware and ran it.)

Anyone find a wpbbin.exe file??

If you thought I was tinfoil hat before, you'll want to tune in now. LoL

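The two checks quoted in the post above (the wpbbin.exe file and the SMSS event), as an added PowerShell example that is not part of the original thread. It assumes PowerShell 4.0 or newer for `Get-FileHash` and an English-language event message, and it also reports the file's signer and hash so the binary can be identified.

```powershell
# Added example: looks for the two WPBT indicators named in the post.
# Run on Windows 8 or newer; reading the event log may need an elevated prompt.

# A 32-bit PowerShell on 64-bit Windows is redirected from System32 to SysWOW64,
# which would hide the file. The Sysnative alias bypasses that redirection.
$sysDir = if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    Join-Path $env:SystemRoot 'Sysnative'
} else {
    Join-Path $env:SystemRoot 'System32'
}
$wpbbin = Join-Path $sysDir 'wpbbin.exe'

# File indicator: record who signed the binary and its hash for later comparison.
$fileInfo = $null
if (Test-Path -LiteralPath $wpbbin -PathType Leaf) {
    $sig = Get-AuthenticodeSignature -LiteralPath $wpbbin
    $fileInfo = [pscustomobject]@{
        Path      = $wpbbin
        SHA256    = (Get-FileHash -LiteralPath $wpbbin -Algorithm SHA256).Hash
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        Written   = (Get-Item -LiteralPath $wpbbin -Force).LastWriteTime
    }
}

# Event indicator: provider name and message text are the ones quoted in the post.
# The message match is locale-dependent (English text assumed).
$events = @()
try {
    $events = @(Get-WinEvent -ProviderName 'Microsoft-Windows-Subsys-SMSS' -ErrorAction Stop |
        Where-Object { $_.Message -like '*platform binary was successfully executed*' })
} catch {
    # Thrown when the provider is not registered or has logged no events.
    Write-Verbose "No events read from provider: $($_.Exception.Message)"
}

if ($fileInfo) { $fileInfo | Format-List } else { "wpbbin.exe not found in $sysDir" }
if ($events.Count -gt 0) {
    $events | Select-Object TimeCreated, Id, Message | Format-List
} else {
    'No "platform binary was successfully executed" events found.'
}
if ($fileInfo -or $events.Count -gt 0) {
    'RESULT: a firmware-supplied platform binary has run on this install.'
} else {
    'RESULT: neither indicator present (older events may have rolled out of the log).'
}
```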

I'm guessing this is only Lenovo, or any PC?

Probably any PC manufacturer, not that they are all doing it, but that they have the capability. Also, what's up with all the recent Lenovo asshatery?

I did a search for the wpbbin.exe, it came up as a negative on my laptop (Lenovo G510). Lucky me I guess. This Lenovo crap is getting on my nerves though. I planned on getting a new laptop in a year or two and wanted a Lenovo (Y40-80, one of the things on the list), but this keeps me away. It makes me wonder if Lenovo is the only one doing this, or are other companies doing it, but no one is noticing?

Maybe I'll get an MSI laptop instead or something...

List: http://news.lenovo.com/article_display.cfm?article_id=2013&cid=ww:social:220992585:220992583:TWITTER:lenovo:BAU-Brand&linkId=16227692

You could still get it, just do a fresh Windows install.

..right?

Any PC manufacturer can take advantage of it, but only Lenovo are known for using it just now.

@wendell Lenovo have pushed a BIOS update to fix the problem and have an update about it here (though not in super detail).

It affects some of their consumer range and none of their Think-series range.

For those who don't want to click:

In the April - May timeframe, Lenovo made available new BIOS firmware for some of its consumer PCs that eliminated a security vulnerability that was discovered and brought to its attention by an independent security researcher, Roel Schouwenberg. In coordination with Mr. Schouwenberg and in line with industry responsible disclosure best practice, on July 31, 2015, we issued Lenovo Product Security Advisories, that highlighted the new BIOS firmware – specifically for consumer Notebook and Desktop. Lenovo always strongly recommends that users update their systems with the latest BIOS firmware. Starting in June, the new BIOS firmware has been installed on all newly manufactured Lenovo consumer notebook and desktop systems.

The vulnerability was linked to the way Lenovo utilized a Microsoft Windows mechanism in a feature found in its BIOS firmware called Lenovo Service Engine (LSE) that was installed in some Lenovo consumer PCs. Think-brand PCs are unaffected. Along with this security researcher, Lenovo and Microsoft have discovered possible ways this program could be exploited in the Lenovo Notebook implementation by an attacker, including a buffer overflow attack and an attempted connection to a Lenovo test server.

As a result of these findings, Microsoft recently released updated security guidelines (see page 10 of this linked PDF) on how to best implement this Windows BIOS feature. Lenovo’s use of LSE was not consistent with these new guidelines. As a result, LSE is no longer being installed on Lenovo systems. It is strongly recommended that customers update their systems with the new BIOS firmware which disables and or removes this feature.

LSE was shipped on some Lenovo-branded notebook systems running Windows 7, 8 and 8.1 and desktop systems running Windows 8 and 8.1 as listed below. The software does not come loaded on any Think-branded PCs.

As you can see, there's actually a vulnerability here. Everyone's mad that they have a program loader in the BIOS and everyone's missing the fact that it isn't secure. At least there's a fix; unfortunately BIOSes are not simple to patch (for consumers).

Regardless of that, it's also worth remembering that this is a Windows FEATURE, Microsoft implemented this so people could make use of it. Lenovo are stupid for using it, as clearly they're smart enough to know to not use it on ThinkPads, but Microsoft put it there for a reason. What else can you expect in Windows 10...

Nope, not according to the forum posts on arstechnica, you have to do some silly things to the BIOS to get rid of it. I'd be willing to do it, but is it worth the time? Y40-80 is a damn good price, but I could always save up for something more powerful.

For the record, when I got the G510, I already did a fresh install with my own Windows 8.1 ISO and key to get rid of the Superfish that might have existed back when I got it...

DON'T WORRY EVERYONE...I'M OKAY.

I USE A VOSTRO 1500!

That model doesn't have this feature (according to the site), so it shouldn't show up and you won't be affected by the vulnerability.

I know, but I checked to be sure. I'd rather be safe, after all I did have the Superfish vulnerability, no saying what Lenovo is going to try next.

So question. Do we know why Lenovo chose to do this? From everything I am reading, it forces the service to try and update using the official Lenovo drivers, which in and of itself isn't a bad thing. It seems to me they just did a poor job of implementing it.