CVE-2023-4028

Summary

CVE-2023-4028 is a newly disclosed buffer overflow vulnerability affecting the SystemUserMasterHddPwdDxe driver in certain Lenovo Notebook models. An attacker who gains local access with elevated privileges can exploit this issue to execute arbitrary code. This vulnerability poses a significant risk, as successful exploitation could result in unauthorized system access or data theft. Lenovo urges users to apply the available patch as soon as possible to mitigate this threat. The impact of this flaw is heightened due to its presence in a critical system driver, making it essential for Lenovo to prioritize a swift resolution.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.