In our previous publication we reported on the risks posed to the user's personal data protection by Lenovo's LSE program. Today we received her official announcement companythrough its representative for the specific matter.
We hereby notify you of Lenovo's official statement:
Στο χρονικό διάστημα Απρίλιος - Μάιος, η Lenοvo διέθεσε το νέο firmware BIOS για μερικά από τα consumer PCs της, που δεν περιλάμβανε ένα τρωτό θέμα ασφάλειας, που ανακαλύφθηκε και ήρθε στην επιφάνεια από έναν ανεξάρτητο ερευνητή ασφάλειας, τον Roel Schouwenberg.
In co-operation with Mr. Schouwenberg and in line with industry best practices for the protection of personal data, at 31 July 2015, we issued the Lenovo Product Security Advisories, που επισημάνει το νέο BIOS firmware - ειδικά για consumer Notebook and Desktop.
Lenovo unreservedly recommends that users can keep their systems up-to-date with the latest BIOS firmware.
Starting in June, the new BIOS firmware has been installed on Lenovo's new consumer notebook and desktop systems.
The vulnerability was linked to the way Lenovo uses its mechanism Microsoft Windows on feature feature found in the BIOS firmware, called the Lenovo Service Engine (LSE), that was installed on some Lenovo consumer PCs. PC Think-brand was not affected.
Together with this security researcher, Lenovo and Microsoft have discovered possible ways in which this program could be exploited by an attacker, including a buffer overflow attack and an attempt to connect to a Lenovo test server.
As a result of these findings, Microsoft released recently updated safety guidelines (see page 10 in the attached file) about how to best apply this Windows BIOS feature.
The use of Lenovo LSE was incompatible with these new guidelines. As a result, LSE is no longer installed in Lenovo's systems. Customers are particularly advised to update their systems with the new firmware BIOS that disables or removes this feature.
The LSE was shipped to some Lenovo notebook systems running Windows 7, 8 and 8.1 and desktop systems running Windows Windows 8 and 8.1. The software is not pre-installed on any Think-branded PCs.