01-06-2018 09:47 PM - edited 01-06-2018 10:27 PM
Microsoft released a rare out-of-band security update to supported many versions of Windows. The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
For consumers, to keep Windows up to date is the first step but is mandatory to install applicable Firmware (BIOS) update provided by OEM device manufacturer.
1) Microsoft has released the following patches for Windows 10:
KB4056892 (OS Build 16299.192)
KB4056891 (OS Build 15063.850)
KB4056890 (OS Build 14393.2007)
KB4056888 (OS Build 10586.1356)
KB4056893 (OS Build 10240.17738)
(*) Verifying that protections are enabled, you are protected if all lines have the "True" value.
2) Then I would like to know when Lenovo Yoga 2 Pro (20266 / 80AY) is going to receive a microcode fix (Firmware Update) to address Spectre and Meltdown security risks?
Currently it isn't even listed under Lenovo Security Advisory LEN-18282
Please support your costumers with a proper Firmware.
01-08-2018 04:20 AM
01-10-2018 09:09 AM
I'm also here looking for the status of a firmware update for the Yoga 2 for this mitigation. These computers aren't that old. Manufacturers really give no reasons to update these days (computers aren't getting much faster anymore) so I suspect a lot of Haswell and Broadwell machines are still floating around and need to be patched. My other machine is also Haswell based and I'm currently pushing that manufacturer as well. Intel has released a microcode update for these processors (see below). Manufacturers that patch these sorts of issues on still commonly used machines will get my future dollars. Those who only update last years' devices will not.
01-10-2018 11:49 PM
Are there any Lenovo reps listening? If there are I would like to suggest that a link be provided showing when each model of Lenovo computer is expected to receive the necessary patch to fix the Meltdown/Spectre vulnerability.
My Yoga 2 Pro is only 4 years old and works perfectly fine. Seems reasonable that Lenovo should provide the necessary BIOS update. I know that is likely to be a large task considering how many different computers model have been sold by Lenovo. It would certainly reduce the anxiety level if customers knew about how long we will have to wait for a BIOS update, or if we are never going to receive a BIOS update.
01-11-2018 04:19 AM - edited 01-11-2018 04:28 AM
Currently Yoga 2 Pro (20266) isn't even listed under Lenovo Security Advisory (NO ETA FOR US) as detailed HERE.
Please Lenovo support your costumers with a proper Firmware.
01-16-2018 04:19 AM
Two threads have been merged which explains the difference in subject titles on posts. I have also removed some posts which were contrary to the Community Guidelines in regard to campaigning, further similar posts anywhere in the Community will also be removed.
As this topic is being addressed in the Security forum: https://forums.lenovo.com/t5/Security-Malware/bd-p/Security_Malware please search and engage discussion there.
This thread is now locked to avoid duplication, which only splinters discussions.
English Community Leader
Please remember to come back and mark the post that you feel solved your question as the solution, it earns the member + points
Did you find a post helpfull? You can thank the member by clicking on the star below their post awarding them Kudos
Please don't ask me questions by Personal Message; questions belong in the forums.