Lenovo Security Advisory: LEN-5519
Potential Impact: Local Privilege Escalation
Scope of Impact: Lenovo
During internal testing, Lenovo identified a local privilege escalation vulnerability in Lenovo System Update (previously known as ThinkVantage System Update) where a user with local privileges on a system could execute code with administrative privileges. Lenovo has released a new version of the Lenovo System Update software that addresses this vulnerability.
Lenovo System Update is a utility software program that performs routine updates and ensures that the latest drivers, BIOS, and other applications are installed to protect, maintain and optimize systems.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update System Update to version 5.07.0027 or later. You can determine the currently installed version by opening Lenovo System Update, clicking on the green question mark in the top right corner and then selecting “About.”
Lenovo System Update can be updated by choosing either of the following two methods:
1. Lenovo System Update automatically checks for a later version whenever the application is run. Click OK when prompted that a new version is available.
2. To manually update, download the latest version from the following URL: <http://support.lenovo.com/en/documents/ht080136>
The following products may be impacted:
1.0 | 5/19/2016 | Initial release