USB Enhanced Performance Keyboard

Type lenovo
Reporter Lenovo
Modified 2017-01-23T00:00:00


Lenovo Security Advisory: LEN-2015-015
Potential Impact: Escalation of Privilege
Severity: Low

Lenovo’s “USB Enhanced Performance Keyboard” software has a known issue where debug code was accidently left in the application. The debug code includes information about which keys on the keyboard are pressed. Lenovo has released a new version of the software that removes the debug code.

The debug code exists in all previous versions of the software, and has been preloaded on ThinkPad and ThinkCentre systems since early 2014. The debug code, in SKHOOKS.DLL, calls the Windows API OutputDebugString to indicate which key has been pressed. The debug code does not store this information or send it anywhere. There is no possibility to exploit this vulnerability remotely. Only users with access to the system, and the ability to run a special tool to capture debug output, are able to intercept these calls to OutputDebugString. To eliminate this vulnerability, Lenovo has removed the debug code from SKHOOKS.DLL.

Mitigation Strategy for Customers (what you should do to protect yourself):
There are several ways you can protect yourself. Lenovo recommends that you take one of the following steps:

  • Starting from March 4, 2015, run Lenovo System Update and install the recommended USB Enhanced Performance Keyboard software update
  • Make sure you have the latest version of the software installed on your computer. The minimum version that corrects the problem is version You can find the latest version of the software Here.
  • Alternatively, if you are not using the optional Lenovo USB Enhanced Performance Keyboard (73p2620), you may uninstall this software using the following steps:
    1. Open Control Panel
    2. Click on “Programs”
    3. Click on “Uninstall a Program”
    4. In the list of installed programs, find “USB Enhanced Performance keyboard” and then click on the “Uninstall” button


Other information and references:
CVE ID: CVE-2015-3320

Revision History:






1.1 | 05/05/2015 | Added CVE ID





Initial Release