Lenovo’s System Update Software Woes

  • May 27, 2015
  • Computer Security News

Lenovo Thinkpad keyboardFor a computer company, the only thing worse than exposing customers to security risks is to do it a second time in less than 12 months. In the late summer of 2014, Lenovo released laptops preloaded with Superfish software that bypassed website encryptions and left users vulnerable to cyber attackers. Computer repair experts now report that company’s own System Update software in February 2015 may have put Lenovo users at risk.

Portland Computer Repair Experts Explain Security Holes

IOActive, a computer security consulting company, found and reported three high-level vulnerabilities in Lenovo System Update and earlier versions. Instead of providing users with the latest drivers and software, the updates used an authentication system that had a password, or security token, that was simple to guess. This meant that users without the appropriate privileges could input commands as an administrative user or a System user. One of the updates also allowed remote and local attackers to replace trusted Lenovo applications with malicious software.

After IOActive notified Lenovo about the vulnerabilities, the computer company released a patch that updated the Lenovo System Update application. In an April 2015 press release, Lenovo provided the public with information about the new patch and instructions to ensure its deployment.

What the Security Glitches Mean for You

In a Product Security Advisory, Lenovo stated that the computers affected by the updates include all ThinkPads, ThinkCenters and ThinkStations, as well as computers in the V, B, K and E series. If you have any of these computers and don’t have version 5.06.0034 or later of the Lenovo System Update application, you may be at risk for an attack. You may manually download the latest Lenovo System Update on the Thinkvantage System Update page.

If you have concerns about your Lenovo computer’s security or want to make sure that you have the latest update installed on your computer, get in touch with Happy Hamster. Our computer repair services include virus and malware elimination, as well as computer training so you can perform security-related tasks on your own. Call us to learn more.
[Photo by: Acid Pix via CC License]


Leave a reply

Your email address will not be published. Required fields are marked *