A researcher has discovered a new low-level zero-day exploit that overrides the protection for the firmware code in Lenovo ThinkPads and other laptops, bypassing hardware and Windows security features. Last week, Dmytro Oleksiuk, also known as cr4sh, released the code for his ThnkPwn proof of concept on Github, showing how it can be used to exploit a flaw in the unified extensible firmware interface (UEFI) driver for privilege escalation. This lets attackers remove the write protection for system flash memory, and allows them to run arbitrary code with full access to the entire victim system. Lenovo had not received advance...