Researchers have discovered a serious security issue in software that is installed in almost every Lenovo notebook, tablet and PC, and potentially affects millions of users.
The software with the security gap is Lenovo Solution Center. This software allows users to see the overall status of their device (hardware, software status, network connections) but also to install security features.
But researchers seem to have discovered a way for local escalation of privileges, which allows an attacker to get increased access rights to the system.
This of course allows it to execute code without restrictions on machine. Depending on the skill level of the attacker, they can very easily make the user's device do whatever they want, according to security firm Trustwave.
In other words, a hacker can run malicious software at administrator and system level, even if the application does not seem to be running.
The good news is that Lenovo quickly patched the software when the vulnerability.
The company released the update last week, and those who open the Lenovo Solution Center will be asked to install it automatically.
But here we have to say two words about this software.
The online community calls this kind of software "bloatware,” και υπάρχει προεγκατεστημένο στα ThinkPads, τα ThinkPad tablets, στα ThinkCenter αλλά και στα ThinkStation, IdeaCenter και μερικά IdeaPads, που τρέχουν με Windows 7 ή και νεότερο operating system.
This frequently-unwanted software is also known as "crapware" and is still a major issue on PCs or mobile devices, mainly because it is known to compromise the security of installed systems.
Let's also mention that this is not the first time that security experts discover problems with Lenovo devices. In February of 2015, researchers found that Lenovo had installed a root certificate on its laptops.
The "Superfish" scandal caused a sensation in the security community.
Read Caution! Lenovo come with adware and root certificate
The company later promised to stop installing bloatware on computers and devices it markets.