In our previous publication we mentioned about the risks it poses to protection προσωπικών δεδομένων του χρήστη το πρόγραμμα LSE της Lenovo. Σήμερα λάβαμε την επίσημη ανακοίνωση της εταιρείας μέσω της αντιπρόσωπου της για το συγκεκριμένο θέμα.
We hereby notify you of Lenovo's official statement:
Between April and May, Lenovo released the new BIOS firmware for some of its consumer PCs, which did not include a security vulnerability that was discovered and came to light by an independent security researcher, Roel Schouwenberg.
In co-operation with Mr. Schouwenberg and in line with industry best practices for the protection of personal data, at 31 July 2015, we issued the Lenovo Product Security Advisories, which highlights the new BIOS firmware - especially for consumer Notebook and desktop.
Lenovo unreservedly recommends that users can keep their systems up-to-date with the latest BIOS firmware.
Starting in June, the new BIOS firmware has been installed on Lenovo's new consumer notebook and desktop systems.
The vulnerability was linked to Lenovo's use of the Microsoft Windows mechanism in a BIOS firmware called the Lenovo Service Engine (LSE) that was installed on Lenovo's consumer PCs. PC Think-brand was unaffected.
Together with this security researcher, Lenovo and Microsoft have discovered possible ways in which this program could be exploited by an attacker, including a buffer overflow attack and an attempt to connect to a Lenovo test server.
As a result of these findings, Microsoft released recently updated safety guidelines (see page 10 in the attachment archive) on how to best implement this Windows BIOS feature.
The use of Lenovo LSE was incompatible with these new guidelines. As a result, LSE is no longer installed in Lenovo's systems. Customers are particularly advised to update their systems with the new firmware BIOS that disables or removes this feature.
LSE was shipped to some Lenovo notebook systems, running on Windows 7, 8 and 8.1 and desktop systems running Windows 8 and 8.1. The software is not pre-installed on any Think-branded PCs.