Blog

IT Security Tips – Lenovo Security Alert

lenovo_logo_red-930x488

IT Security Tip – Lenovo Security Alert: Accelerator Vulnerability

If you own a Lenovo computer you may want to read on! 

Lenovo have announced that their installed system software on Windows machines has a security flaw.  The software in question is Lenovo Accelerator ApplicationThe Lenovo Accelerator Application is used to speed up the launch of Lenovo applications and was installed in some notebook and desktop systems pre-loaded with the Windows 10 operating system.

The company warned that an attacker with man in the middle position on a network could exploit the vulnerable update mechanism, and run arbitrary code on users’ systems. The vulnerability is rated as high risk by Lenovo. How the application works, an UpdateAgent pings a Lenovo server every ten minutes for updates, with the entire data exchange in plain text over HTTP. An attacker could easily impersonate the Lenovo update server, and deliver malware on users’ computers as UpdateAgent makes no effort to validate patches that are downloaded and executed on systems.

 The full list of impacted devices is vast but include the Lenovo Notebook 305, Edge 15, Flex 2 Pro and Yoga product lines. In addition, Lenovo’s IdeaCenter and Yoga Home 500 are amongst the 39 desktop models impacted by the security flaw.  You can read the full list here.

Lenovo ThinkPad and ThinkStation devices are not affected by this security issue.

The Chinese PC maker recommends that users immediately uninstall the software. You can do so by going to the ‘Apps and Features’ application in Windows 10, selecting the Lenovo Accelerator Application and clicking on “Uninstall.”

For our clients who enjoy our Proactive Managed IT Support services, we have identified if you have any of the Lenovo models affected and remotely uninstalled the Lenovo Accelerator Application.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) ↓

Leave a Comment