

"Lenovo Service Engine (LSE) is a utility in the BIOS that helps users download a program called OneKey Optimizer on certain Lenovo Notebook systems. The utility also sends non-personally identifiable system data to Lenovo servers," the Chinese goliath explained. Think-branded PCs did not include the LSE, we're told.

Incredibly, Lenovo was shipping desktop PCs that feature the LSE in their firmware. Desktop machines built between Octoand April 10, 2015, with Windows 8 preinstalled, have the LSE inside them. These models phone home system data, but do not install any extra software, and do not suffer from the aforementioned privilege-escalation vulnerability. The PC maker's laptops definitely do, however. Two months later, in June, it pulled the whole thing: the LSE software is no longer included in new laptops. Lenovo has also pulled the LSE from new desktop machines. On Tuesday this week, Lenovo published a full list of affected desktop and notebook models.

Owners of LSE-afflicted computers urged to update their firmware

A tool quietly released on July 31 will uninstall the engine if it is present in your machine: it is available here for notebooks, and available here for desktops.

Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions are as secure as possible and do not expose Windows users to exploitable conditions.

Secure as possible? Not in this case: security researcher Roel Schouwenberg found and reported a buffer-overflow vulnerability in the LSE that can be exploited to gain administrator-level privileges.

After Lenovo learned of this bug in April, it dawned on the company that its LSE was falling foul of Microsoft's security guidelines for using the powerful WPBT feature.

"The binary is required to be a native, user-mode application that is executed by the Windows Session Manager during operating system initialization. Windows will write the flat image to disk, and the Session Manager will launch the process."

Crucially, the WPBT documentation stresses: The primary purpose of WPBT is to allow critical software to persist even when the operating system has changed or been reinstalled in a “clean” configuration.
