cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Birraque
Token Ring
Posts: 187
Location: BR
Views: 8,506
Message 1 of 9

Yoga 2 Pro new Firmware to address Spectre and Meltdown security risks

Microsoft released a rare out-of-band security update to supported many versions of Windows. The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

Dubbed “Meltdown” and “Spectre,” the flaws affect nearly every device made in the past 20 years, and could allow attackers to use JavaScript code running in a browser to access memory in the attacker’s process. That memory content could contain key strokes, passwords, and other valuable information. More Info

For consumers, to keep Windows up to date is the first step but is mandatory to install applicable Firmware (BIOS) update provided by OEM device manufacturer.

 

1) Microsoft has released the following patches for Windows 10:
KB4056892 (OS Build 16299.192)
KB4056891 (OS Build 15063.850)
KB4056890 (OS Build 14393.2007)
KB4056888 (OS Build 10586.1356)
KB4056893 (OS Build 10240.17738)
(*) Verifying that protections are enabled, you are protected if all lines have the "True" value.

 

PowerShell_LenovoY2P.jpgVerification using the PowerShell, Lenovo Yoga 2 Pro (20266 / 80AY), Patches Installed

2) Then I would like to know when Lenovo Yoga 2 Pro (20266 / 80AY) is going to receive a microcode fix (Firmware Update) to address Spectre and Meltdown security risks?

Currently it isn't even listed under Lenovo Security Advisory LEN-18282

Please support your costumers with a proper Firmware.

 

Best Regards,

AndyU
Ctrl-Alt-Del
Posts: 8
Location: RU
Views: 6,323
Message 2 of 9

Yoga 2 Pro BIOS update (Meltdown/Spectre mitigation)?

As I know, Intel already published microcode updates for all Haswell CPU's, including mobile. At least, ASUS support confirmed, that BIOS of all MB for Haswell will be updated. Updated microcodes for Linux are already available. What about BIOS update for the Yoga 2 Pro with i7-4500U? Thank you in advance.
Highlighted
TiloNovo
Ctrl-Alt-Del
Posts: 11
Location: CA
Views: 7,559
Message 3 of 9

Re: Yoga 2 Pro new Firmware to address Spectre and Meltdown security risks

bump.
CK88
Paper Tape
Posts: 3
Location: SG
Views: 7,434
Message 4 of 9

Re: Yoga 2 Pro new Firmware to address Spectre and Meltdown security risks

Same here. Please issue an update asap.

jmi1
Paper Tape
Posts: 2
Location: United States
Views: 6,504
Message 5 of 9

Re: Yoga 2 Pro new Firmware to address Spectre and Meltdown security risks

I'm also here looking for the status of a firmware update for the Yoga 2 for this mitigation. These computers aren't that old.  Manufacturers really give no reasons to update these days (computers aren't getting much faster anymore) so I suspect a lot of Haswell and Broadwell machines are still floating around and need to be patched. My other machine is also Haswell based and I'm currently pushing that manufacturer as well. Intel has released a microcode update for these processors (see below).  Manufacturers that patch these sorts of issues on still commonly used machines will get my future dollars.  Those who only update last years' devices will not.

 

https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?product=873

D000D
Punch Card
Posts: 28
Location: US
Views: 5,527
Message 6 of 9

Re: Yoga 2 Pro BIOS update (Meltdown/Spectre mitigation)?

Are there any Lenovo reps listening? If there are I would like to suggest that a link be provided showing when each model of Lenovo computer is expected to receive the necessary patch to fix the Meltdown/Spectre vulnerability.

 

My Yoga 2 Pro is only 4 years old and works perfectly fine. Seems reasonable that Lenovo should provide the necessary BIOS update. I know that is likely to be a large task considering how many different computers model have been sold by Lenovo. It would certainly reduce the anxiety level if customers knew about how long we will have to wait for a BIOS update, or if we are never going to receive a BIOS update.

Birraque
Token Ring
Posts: 187
Location: BR
Views: 5,442
Message 7 of 9

Re: Yoga 2 Pro BIOS update (Meltdown/Spectre mitigation)?

Currently Yoga 2 Pro (20266) isn't even listed under Lenovo Security Advisory (NO ETA FOR US) as detailed HERE.
Please Lenovo support your costumers with a proper Firmware.
Regards,

island
Punch Card
Posts: 46
Location: US
Views: 4,946
Message 8 of 9

Re: Yoga 2 Pro new Firmware to address Spectre and Meltdown security risks

I have both a Yoga 2 Pro and a Yoga 910-13IKB 80VF and am checking daily for bios updates for both.

Administrator
Administrator
Posts: 6,099
Location: SK
Views: 4,757
Message 9 of 9

Re: Yoga 2 Pro new Firmware to address Spectre and Meltdown security risks

All FYI

 

Two threads have been merged which explains the difference in subject titles on posts.  I have also removed some posts which were contrary to the Community Guidelines in regard to campaigning, further similar posts anywhere in the Community will also be removed.

 

As this topic is being addressed in the Security forum: https://forums.lenovo.com/t5/Security-Malware/bd-p/Security_Malware please search and engage discussion there.

 

This thread is now locked to avoid duplication, which only splinters discussions.

Andy


English Community Leader


Please remember to come back and mark the post that you feel solved your question as the solution, it earns the member + points


Did you find a post helpfull? You can thank the member by clicking on the star to the left awarding them Kudos


T430 2347-G7U W8 x64, Yoga 10 HD+, Tablet 1838-2BG, T61p 6460-67G W7 x64, T43p 2668-G2G XP, T23 2647-9LG XP, plus a few more.


Please don't ask me questions by Personal Message; questions belong in the forums.


Deutsche Community Comunidad en Español English Community Русскоязычное Сообщество Communidade Portugues

Top Kudoed Authors