Update mechanism of the Lenovo Accelerator Application is insecure (affected models)

Lenovo security announcement: LEN-6718


Potential impact: Attackers can execute remote code to gain access to the local network.


Severity: high


Impact scope: The following Lenovo products


Abstract description:


A security vulnerability has been found in the Lenovo Accelerator Application that may be exploited by man-in-the-middle attackers. The vulnerability resides in the application's update mechanism, in which the software queries a Lenovo server to determine whether application updates are available.


The Lenovo Accelerator Application is used to accelerate the startup of Lenovo applications that were installed on some laptops and desktops preinstalled with Windows 10 operating systems.

Solution:
What you should do to protect yourself:


Lenovo recommends that you uninstall the Lenovo Accelerator Application by opening "Apps and Features" in Windows 10, selecting the Lenovo Accelerator Application, and then clicking "Uninstall".
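
To confirm whether a machine still has the application, before or after following the uninstall steps above, the following PowerShell check lists matching entries from the standard Windows uninstall registry keys. It is an added example, not part of Lenovo's advisory; the `*Lenovo Accelerator*` display-name pattern and the function name `Find-InstalledApp` are assumptions.

```powershell
# Added example: report-only inventory check for the application named in LEN-6718.
# Assumption: the application registers a DisplayName containing "Lenovo Accelerator"
# under the standard Windows uninstall registry keys. Nothing is removed by this script.

function Find-InstalledApp {
    param(
        [Parameter(Mandatory)] [string] $NamePattern
    )
    # 64-bit, 32-bit (WOW6432Node) and per-user uninstall entries.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    foreach ($root in $roots) {
        # A missing hive or a key without DisplayName is skipped, not treated as an error.
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $NamePattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer        = $env:COMPUTERNAME
                    DisplayName     = $_.DisplayName
                    DisplayVersion  = $_.DisplayVersion
                    Publisher       = $_.Publisher
                    InstallLocation = $_.InstallLocation
                    UninstallString = $_.UninstallString
                    RegistryKey     = $_.PSPath
                }
            }
    }
}

$hits = @(Find-InstalledApp -NamePattern '*Lenovo Accelerator*')

if ($hits.Count -gt 0) {
    # Non-zero exit lets fleet tooling flag the host as still needing the uninstall.
    $hits | Format-List
    exit 1
}

Write-Output "No matching uninstall entry found on $env:COMPUTERNAME."
exit 0
```

A non-zero exit code means at least one matching entry is still registered on the host.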


Product impact:


The Lenovo Accelerator Application was installed on some laptops and desktops preinstalled with the Windows 10 operating system.


The Lenovo Accelerator Application has never been installed on a ThinkPad or ThinkStation device.


Affected Lenovo laptop systems:


305


700


300 S


500/500 S


B40-30/B40-45/B40-45/B40-80


B41-30/B41-35/B41-80


B50-30/B50-30 Touch/B50-45/B50-80/B51-30/B51-35/B51-80


E31-70/E31-80/E40-30/E40-80/E41-80/E50-30/E50-80/E51-80


Edge 15


Edge 2-1580


Erazer N40-30/Erazer N40-45


Erazer N50-45/Erazer N50-45


Erazer Z41-70


Erazer Z51-70


FLEX 2 Pro


FLEX 3


FLEX 4


K20-80


K21-80


K41-70/K41-80


M41-70


M51-80


MIIX 3


MIIX 700


N41-35


N51-35


S21e-20


S41-35/S41-70/S41-75


TianYi 300


U31-70


U41-70


V4000


XiaoXin 700


Y50-70/Y50-70 Touch


Y50c


Y700/Y700 Touch


Y70-70 Touch


Y900


Yoga 2


YOGA 3 14


Yoga 3 Pro


Yoga 300


YOGA 500/YOGA 510


YOGA 700/YOGA 710/YOGA 900/YOGA 900 S


Z41-70


Z51-70


Affected Lenovo desktop systems:


50050C/50100E/50550A/50600I


A3300


A7300


A8150


B40


C20


C40


C50


C560


D3000


D5010/D5050/D5055


F5005/F5050/F5055


G5005/G5010/G5050/G5055


H3005


H30-50


H5005/H5055


H50-50


IdeaCentre 200


IdeaCentre 300/300 S


IdeaCentre 510/510 S


IdeaCentre 700


M7300z


M8300z/M8350z


M9550z


Yoga Home 500

Thanks:


Lenovo would like to thank Mikhail Davidov, senior security researcher at Duo Security, for reporting this vulnerability.


Other information and references: CVE-2016-3944


Duo Labs, Out-of-Box Exploitation: A Security Analysis of OEM Updaters


Revision history:


Version: 1.0


Date: 2016.5.31


Description: initial version.
