Technology News
English Edition

Lenovo PCs Have 'Massive Security Risk' Say Researchers; Fix Issued

By Ketan Pratap | Updated: 7 May 2015 15:19 IST
Lenovo PCs Have 'Massive Security Risk' Say Researchers; Fix Issued
Advertisement
Lenovo's image has taken another hit with a report of another software-related glitch on its computers that could potentially allow attackers to bypass signature validation checks and replace trusted Lenovo applications with malware.

Security researchers Michael Milvich and Sofiane Talmat of IOActive discovered a 'massive security risk' in the Lenovo System Update software in February, and reported the issue to the world's biggest PC maker. The researchers have now made the vulnerabilities public after Lenovo has issued a patch for the application.

The Chinese company has posted a patch for consumers on its support page titled "Lenovo System Update Privilege Escalation." Affected machines in the Lenovo lineup are the Lenovo ThinkPad, ThinkCentre, ThinkStation, and other Lenovo laptop (V, B, K, and E) series. Users of these machines can either run Lenovo System Update and install the new version when prompted by the app, or download and install the latest version manually.

Milvich and Talmat of IOActive have detailed three vulnerabilities in the Lenovo System Update software in a security advisory. According to the IOActive security advisory, the CVE-2015-2219 vulnerability allows local least-privileged users to run commands as the system user. The CVE-2015-2233 vulnerability, on the other hand, allows a hacker to replace the trusted company software with any malicious software.

"Remote attackers who can perform a man in the middle attack (the classic coffee shop attack) can exploit this to swap Lenovo's executables with a malicious executable. The System Update uses TLS/SSL to secure its communications with the update server, which should protect against "coffee shop" style attacks," notes the IOActive security advisory. Lastly, CVE-2015-2234 vulnerability allows local unprivileged users to run commands as an administrative user.

All the vulnerabilities reported by security researchers have been fixed in the new version of the Lenovo System Update software released by the Chinese firm, confirms IOActive security advisory. Lenovo has also thankedMilvich and Talmat of IOActive for reporting issues to the company in a responsible manner.

To recall, Lenovo faced much flak back in February when it was found to be pre-installing Superfish software, classified as adware by researchers, on its computers. After defending the software as a shopping tool to aid users, the world's largest PC maker promised to stop pre-installing such software.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Laptops, Lenovo, Lenovo Computers, Malicious Software, PC
Ketan Pratap
Ketan Pratap
Ketan Pratap is the editor at Gadgets 360 - with over 12 years of experience covering the technology domain. With a breadth and depth of knowledge in the field, he's done extensive work across news, features, reviews, and opinion pieces. But what's truly inspiring about Ketan is how he spends his free time. He's often found gazing at snow-capped mountains from over 20,000 feet while sitting on the hood of his car, taking in the breathtaking beauty of nature. His passion for the great ...More
Nintendo Posts Annual Profit on Wii U Sales Growth, Weak Yen
Rahul Gandhi Makes Twitter Debut With @OfficeOfRG Account

Related Stories

Lenovo PCs Have 'Massive Security Risk' Say Researchers; Fix Issued
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Hyundai Unveils Creta Electric in India With 473KM Claimed Range
  2. Realme 14 Pro 5G Series Camera Features Revealed Ahead of India Launch
  3. Facebook and Instagram Might Soon be Filled With AI Users
  4. Corporate Executives Said to Be Targeted by AI-Generated Phishing Scams
  5. Moto G05 to Launch in India on January 7; Specifications Revealed
  6. Samsung May Expand the Availability of Good Lock App to All Countries
  7. Poco X7 Pro 5G Battery Size, More Features Revealed Ahead of India Launch
  8. Samsung Said to Be Working on New Camera Sensors for iPhone
#Latest Stories
  1. Patent Suggests Nintendo Working on DLSS-Style AI Upscaling Technology Ahead of Nintendo Switch 2 Launch
  2. Moto G05 Set to Launch in India on January 7; Specifications Revealed
  3. Poco X7 Pro Iron Man Edition to Launch Globally on January 9 Alongside Poco X7 Series
  4. Google to Update Its Crypto Ads Policy in the UK Starting January 15: All Details
  5. Apple Offers iPhone Discounts in China as Competition Intensifies
  6. Samsung Said to Be Readying 500-Megapixel Camera for Galaxy Devices, New Image Sensors for iPhone
  7. Hyundai Creta Electric With 473KM Claimed Range, Active Air Flaps Unveiled in India: Features, Launch Date
  8. OnePlus Ace 5V Key Features Leaked; Said to Get MediaTek Dimensity 9350 SoC, 7,000mAh Battery
  9. Vivo T3x 5G Price in India Slashed by Rs. 1,000: Here's How Much It Costs Now
  10. Samsung Odyssey OLED G8, Four Other Monitors Announced Ahead of CES 2025
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »