Lenovo’s certainly having its share of bad luck recently. First the Superfish compromise of digital certificates, and now a patch for a “System Update Flaw”: a serious flaw in the very mechanism Lenovo uses to update its software, which was exploitable until the patch.
It turns out that any hacker could remotely install malware on a Lenovo computer simply by being on the same unsecured wireless network. They’re not the only ones who use unsecured networks for updates, though. Some security software does it too (see here).
So, Lenovo made folks vulnerable to “coffee shop attacks”.
That isn’t as bad as this: they were informed of it 3 months ago by IOActive!
“The problem affects users of the ThinkPad, ThinkCentre and ThinkStation ranges, plus the B, E, K and V series of Lenovo PCs. That said, users should get an on-screen message asking them to install the security patch in the coming days. Alternatively, they can use a direct link on Lenovo's support site.” - lenovo.com
This is that link: https://support.lenovo.com/us/en/documents/ht080136
This is pretty bad, considering that it is such a basic failure in security and that so many Lenovo users depend on their automatic updates, thinking that Lenovo’s IT knows what it’s about.
Think again.
Source:
https://www.infopackets.com/news/9582/lenovo-users-warned-system-update-flaw