View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Three flaws put Lenovo PCs at risk of being hacked

Security warning follows months after Superfish adware scandal.


Users of Lenovo PCs are at risk of being hacked after of a trio of vulnerabilities were found by researchers at the security vendor IOActive.

Taken together, the flaws allow hackers to infiltrate victims’ machines through public wireless networks and gain privileges over a system to run malicious commands, potentially installing malware.

A security advisory from IOActive said: "Arbitrarily executing commands sent by a malicious unprivileged user represents a massive security risk."

"Lenovo does attempt to restrict access to the System Update Service by requiring clients of the named pipe [which allows less privileged users access to System Update] to authenticate by including a security token with the command the unprivileged user wishes to execute.

"Unfortunately this token is a predictable token and can be generated by any user without requiring any elevated permissions."

Whilst Lenovo fixed the flaw in April it emerged that it had known about the problem since at least February, around the same time that the company was accused of bundling the adware Superfish with its computers.

Among the products affected this time are the ThinkPad, ThinkCentre and ThinkStation, as well as the Lenovo V/B/K/E Series.
Customers who wish to patch the problem should run System Update, which will prompt them to install the latest version.

Content from our partners
The growing cybersecurity threats facing retailers
How to integrate security into IT operations
How Kodak evolved to tackle seismic changes in the print industry and embrace digital revolution

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy