© 2015 by TechKie.Net

Best viewed with Internet Explorer (version 9 and above), Firefox, Chrome and Safari (7 and above).

 

Lenovo System Update Serious Security Flaw

May 7, 2015

 

Lenovo's status as a top corporate  computer provider has hit another snag when it annouced that one of their Lenovo System Update app has some medium risk security flaw. Previously their laptops were preinstalled with an adware named Superfish which were downplayed by them. The latest flaw will indeed cause some panic among their loyal customers as other brands seem to have less of such issues.

 

Security researchers at IOActive said in an advisory detailing three separate vulnerabilities that hackers could bypass checks to ensure the integrity of apps, allowing them to run malware on an affected Lenovo machine. The flaw can be exploited when the attacker create a fake (certificate authority) to create a code-signing certificate to sign executables. The System Update will accept and execute the files with priviledged rights and this affects most ThinkPad, ThinkCenter, and ThinkStation products, along with V, B, K, and E-series machines.\

 

The patch can be found here. I do advise corporate customers to consider updating this fix to minimize the impact it might cause to the corporate infrastructure.

 

Signing off,

Techkie

 

Please reload

  • Wix Facebook page
  • Wix Twitter page
  • Wix Google+ page
Follow Me
Featured Posts

Migrating to Canada from Singapore Part 2

August 23, 2018

1/7
Please reload

Recent Posts

November 6, 2017

Please reload

Archives
Tags
Please reload