Users of some Lenovo devices may need to uninstall a preloaded app whose update mechanism could allow attackers to compromise their machines.
In a security advisory, Lenovo described the severity of the threat as high, saying an attacker with local network access can remotely execute code.
“A vulnerability was identified in the Lenovo Accelerator Application software which could lead to exploitation by an attacker with man-in-the-middle capabilities. The vulnerability resides within the update mechanism where a Lenovo server is queried to identify if application updates are available. The Lenovo Accelerator Application is used to speed up the launch of Lenovo applications and was installed in some notebook and desktop systems preloaded with the Windows 10 operating system,” it said.
Lenovo recommended that customers uninstall Lenovo Accelerator, though it noted the app was never installed on ThinkPad or ThinkStation devices.
It listed the affected Lenovo notebooks as:
Erazer N40-30/Erazer N40-45
Erazer N50-45/Erazer N50-45
FLEX 2 Pro
YOGA 3 14
Yoga 3 Pro
YOGA 500/YOGA 510
YOGA 700/YOGA 710/YOGA 900/YOGA 900S
Z51-70
Affected Lenovo Desktop Systems:
D5010/D5050/D5055
F5005/F5050/F5055
G5005/G5010/G5050/G5055
Yoga Home 500