LEN-5519: Lenovo System Update Privilege Escalation

Type lenovo
Reporter Lenovo
Modified 2016-06-24T00:00:00


Lenovo Security Advisory: LEN-5519

Potential Impact: Local Privilege Escalation

Severity: High

Scope of Impact: Lenovo

Summary Description:

During internal testing, Lenovo identified a local privilege escalation vulnerability in Lenovo System Update (previously known as ThinkVantage System Update) where a user with local privileges on a system could execute code with administrative privileges. Lenovo has released a new version of the Lenovo System Update software that addresses this vulnerability.

Lenovo System Update is a utility software program that performs routine updates and ensures that the latest drivers, BIOS, and other applications are installed to protect, maintain and optimize systems.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update System Update to version 5.07.0027 or later. You can determine the currently installed version by opening Lenovo System Update, clicking on the green question mark in the top right corner and then selecting “About.”

Lenovo System Update can be updated by choosing either of the following two methods:

1. Lenovo System Update automatically checks for a later version whenever the application is run. Click OK when prompted that a new version is available.

2. To manually update, download the latest version from the following URL: <http://support.lenovo.com/en/documents/ht080136>
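The version check above can also be scripted for machines where opening the "About" dialog on each one is impractical. The following PowerShell is an added example, not Lenovo's own tooling; it assumes the product registers under the standard Windows Uninstall registry keys with a DisplayName beginning "Lenovo System Update" or "ThinkVantage System Update".

```powershell
# Added example: compare the installed System Update version with the fixed
# release named in this advisory (5.07.0027).
# Assumption: the DisplayName pattern below matches how the product registers
# itself; adjust it if your inventory shows a different name.

$FixedVersion = [version]'5.07.0027'   # System.Version parses this as 5.7.27

# Check both the native and the 32-bit (WOW6432Node) registry views.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SystemUpdateStatus {
    param([version]$MinimumVersion = $FixedVersion)

    $entries = Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Lenovo|ThinkVantage) System Update' }

    foreach ($entry in $entries) {
        $parsed = $null
        # A missing or malformed DisplayVersion is reported as Unknown, not Patched.
        $ok = [version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)
        $status = if (-not $ok) { 'Unknown' } elseif ($parsed -lt $MinimumVersion) { 'Vulnerable' } else { 'Patched' }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $entry.DisplayName
            Version  = $entry.DisplayVersion
            Status   = $status
        }
    }
}

$results = @(Get-SystemUpdateStatus)
if ($results.Count -eq 0) {
    Write-Output 'Lenovo System Update not found in the Uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
    # Non-zero exit lets a management tool flag hosts that still need the update.
    if ($results.Status -contains 'Vulnerable' -or $results.Status -contains 'Unknown') { exit 1 }
}
```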

Product Impact:
The following products may be impacted:

  • All ThinkPad
  • All ThinkCentre
  • All ThinkStation
  • Lenovo V/B/K/E Series

Revision History:

1.0 | 5/19/2016 | Initial release