Lenovo seems to be under the spotlight once more even though it’s only been a few months since the whole Superfish scandal. This time around, the Chinese company’s products were analyzed by a Security research firm named IOActive, whose experts found not one, not two, but three serious security flaws linked to Lenovo’s System Update feature.
The first one of these vulnerabilities is based on Lenovo’s security token system, while the second could allow unprivileged local users to run commands as an administrator. The third and perhaps the most dangerous flaw allows remote and local attackers to swap Lenovo apps for their own malicious ones. The good news, at least for Lenovo, is that IOActive decided to report these findings to the company before releasing them to the public. This allowed Lenovo to create a patch for these issues, a patch that was launched in April.
The vulnerabilities affect all ThinkStation, ThinkCenter, ThinkPad, B, E, K and V-series systems, which means that it is probably a very good idea to check if you’re running the fixed version of the Lenovo System Update. You can do this by opening the app and by clicking the green question mark located in the top right corner. Select “about” and make sure that you’re not running the version 184.108.40.206 or an earlier one. You could also install your own Windows just to be on the safe side. That’s what I’d do anyway.
Do you usually wipe the drives of your newly bought PCs or do you stick with the OS and apps provided by the manufacturer?
Thank you Techspot for providing us with this information.