Lenovo Security Advisory: LEN-10149
Potential Impact: Local privilege escalation, cross-site request forgery, insecure connection, possibility to insert a forged code signing certificate
Severity: High
**Scope of Impact:** Lenovo-specific
**CVE Identifier:** CVE-2016-8228, CVE-2016-8229, CVE-2016-8230, CVE-2016-8231
Summary Description:
During an internal investigation, Lenovo identified multiple vulnerabilities in Lenovo Service Bridge (LSB), including the following:
Lenovo Service Bridge (LSB.exe) is a utility software program operating under Windows that is offered as a download on the Lenovo Support website and is used to automatically detect your computer’s serial number, machine type and model. It then passes this information to a Lenovo server, replacing the need to search or browse for your product to obtain support.
Mitigation Strategy for Customers (what you should do to protect yourself):
Lenovo Service Bridge will automatically update on your system if it is installed. This issue is fixed in version 4 and above. Users can also manually update by going to http://pcsupport.lenovo.com and clicking on “Detect my Serial Number” to view the introduction, terms and conditions, and the download option for Lenovo Service Bridge.
When the update is ready, make sure to select “install” if your anti-virus program (such as Symantec) pops up a message that a new software update is available.