Lenovo patches critical flaws in the pre-installed software on its PCs and Laptops

If you own a Lenovo PC or a laptop, you should hurry to install the patch issued by Lenovo.

Lenovo has issued an emergency patch to fix flaws in software that comes pre-installed on its Windows PCs and laptops. The patch was released after security researchers warned that the software contained vulnerabilities that could allow attackers to remotely seize control of a Lenovo PC or laptop.

Security researchers Michael Milvich and Sofiane Talmat from IOActive made the flaws in the software pre-installed on Lenovo's Windows PCs public in April. The researchers had discovered the flaws in February but gave Lenovo time to patch them.

The researchers said that the vulnerabilities affect Lenovo System Update version 5.6.0.27 and earlier. Lenovo System Update is preinstalled software, previously known as ThinkVantage System Update, that is present on Lenovo ThinkPad, ThinkCentre and ThinkStation laptops and tablets, as well as Lenovo V/B/K/E Series PCs.



The researchers said that one of the flaws, which they rated as critical, centered on a “race condition”: attackers can make System Update verify that an executable file is legitimate and then substitute a malicious executable in its place.
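The verify-then-substitute window described above, shown beside a hardened pattern, as an added example that is not Lenovo's or IOActive's code. It assumes a SHA-256 digest stands in for the updater's real verification, and the function names, file names and byte strings are constructed for illustration.

```python
import hashlib
import os
import tempfile


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def run_racy(path, expected, window=lambda: None):
    """Check the file by path, then open the same path again to use it."""
    with open(path, "rb") as f:
        if digest(f.read()) != expected:
            raise ValueError("verification failed")
    window()  # stands in for another local process writing to `path`
    with open(path, "rb") as f:
        return f.read()  # the bytes that would actually be executed


def run_staged(path, expected, private_dir, window=lambda: None):
    """Read once, verify those bytes, stage them where only the updater writes."""
    with open(path, "rb") as f:
        data = f.read()
    if digest(data) != expected:
        raise ValueError("verification failed")
    window()
    staged = os.path.join(private_dir, os.path.basename(path))
    # O_EXCL refuses a pre-planted file. Assumption: private_dir is
    # writable only by the updater's own account.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    with os.fdopen(os.open(staged, flags, 0o700), "wb") as f:
        f.write(data)
    with open(staged, "rb") as f:
        return f.read()


def demo():
    good, other = b"constructed vendor update", b"constructed substitute"
    with tempfile.TemporaryDirectory() as shared, \
            tempfile.TemporaryDirectory() as private:
        path = os.path.join(shared, "update.bin")

        def put(data):
            with open(path, "wb") as f:
                f.write(data)

        put(good)
        racy = run_racy(path, digest(good), lambda: put(other))
        put(good)
        staged = run_staged(path, digest(good), private, lambda: put(other))
    return racy == other, staged == good
```

The staged variant only holds if the private directory's permissions really exclude other local accounts; verifying a file in a location that other processes can write to leaves the same window open.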

“Lenovo System Update validates all system update files as they are downloaded from the Lenovo servers. However, if the local system contains malware, it is possible that the downloaded updates could be altered before installation,” Lenovo stated in the security advisory.

The Lenovo security advisory states that users need to update the Lenovo software to version 5.06.0034 or later. “Lenovo System Update automatically checks for a [new] version whenever the application is run,” the company’s security advisory says. “Click OK when prompted that new version is available.”

If you own a Lenovo PC or Laptop, you can download the patch from here.