Please uninstall our unsafe bloatware: Lenovo


Lenovo is telling users to remove pre-installed software from its laptops and desktops due to its potential for remote code execution.

The software is the Lenovo Accelerator Application. The company warned that an attacker with a man-in-the-middle position on a network could exploit the vulnerable update mechanism and run arbitrary code on users' systems.

The vulnerability is rated as high risk by Lenovo.

To protect against the vulnerability, Lenovo said users should uninstall the Accelerator Application, which is bundled on a large number of the company's retail notebooks and desktop computers.

The Lenovo Accelerator Application is not installed on the business-grade ThinkPad and ThinkStation computers.

Earlier this week, security vendor Duo Research released a report that highlighted the poor state of security for applications bundled by vendors on their computers.

Duo Research said Lenovo's UpdateAgent, which is used for the Accelerator Application, "was one of the worst updaters we looked at, providing no security features whatsoever".

UpdateAgent pings a Lenovo server every ten minutes for updates, with the entire data exchange in plain text over HTTP. An attacker could easily impersonate the Lenovo update server and deliver malware to users' computers, as UpdateAgent makes no effort to validate patches that are downloaded and executed on systems.
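For defenders who want to find updaters that behave this way on their own network, the following added example (not from the article, Duo Research or Lenovo) scans web proxy logs for clients that poll a host over plaintext HTTP at a fixed interval and notes whether an executable was also fetched over HTTP. The log format, host names, content types and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed proxy log: timestamp, client, method, URL, content type.
# Hosts and paths are placeholders, not real vendor update endpoints.
SAMPLE_LOG = """\
2016-06-01T09:00:02 10.0.0.21 GET http://updates.vendor.example/agent/check.xml text/xml
2016-06-01T09:01:00 10.0.0.34 GET http://news.example/ text/html
2016-06-01T09:02:00 10.0.0.34 GET https://updates.other.example/check application/json
2016-06-01T09:03:30 10.0.0.34 GET http://news.example/story text/html
2016-06-01T09:10:01 10.0.0.21 GET http://updates.vendor.example/agent/check.xml text/xml
2016-06-01T09:20:03 10.0.0.21 GET http://updates.vendor.example/agent/check.xml text/xml
2016-06-01T09:27:10 10.0.0.34 GET http://news.example/ text/html
2016-06-01T09:30:02 10.0.0.21 GET http://updates.vendor.example/agent/check.xml text/xml
2016-06-01T09:30:05 10.0.0.21 GET http://updates.vendor.example/agent/patch.exe application/x-msdownload
"""

EXEC_TYPES = {"application/x-msdownload", "application/octet-stream"}
EXEC_SUFFIXES = (".exe", ".msi", ".dll")

def parse(log_text):
    """Yield (timestamp, client, parsed URL, content type) per log line."""
    for line in log_text.strip().splitlines():
        ts, client, _method, url, ctype = line.split()
        yield datetime.fromisoformat(ts), client, urlsplit(url), ctype

def find_plaintext_updaters(log_text, min_polls=3, max_jitter_s=30):
    """Flag (client, host) pairs polled over HTTP at a near-constant interval."""
    polls, exec_seen = defaultdict(list), set()
    for ts, client, url, ctype in parse(log_text):
        if url.scheme != "http":  # only unencrypted traffic can be tampered with in transit
            continue
        key = (client, url.hostname)
        if ctype in EXEC_TYPES or url.path.lower().endswith(EXEC_SUFFIXES):
            exec_seen.add(key)    # code delivered over the same plaintext channel
        else:
            polls[key].append(ts)
    findings = []
    for key, times in sorted(polls.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # A low spread between gaps means a timer, not a person browsing.
        if len(times) >= min_polls and pstdev(gaps) <= max_jitter_s:
            findings.append({"client": key[0], "host": key[1],
                             "interval_s": round(mean(gaps)),
                             "executable_fetched": key in exec_seen})
    return findings

if __name__ == "__main__":
    print(find_plaintext_updaters(SAMPLE_LOG))
```

A finding with `executable_fetched` set is the case the article describes: a scheduled check and a code download that both travel unauthenticated, so the software behind it is a candidate for removal or replacement.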
