Lenovo Active Protection System Privilege Escalation - Lenovo Support US

Lenovo Security Advisory: LEN-13637

Potential Impact: Privilege Escalation or Denial of Service

Severity: High

**Scope of Impact:**Lenovo-specific

**CVE Identifier:**CVE-2017-3740

Summary Description:

During an internal assessment, a local privilege escalation vulnerability was identified in Lenovo Active Protection System. An attacker with local privileges could send commands to the system’s embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.

Active Protection System is used to protect data on a hard drive when the sensor inside your PC detects sudden movement that could potentially damage the hard drive’s moving parts. It temporarily stops the drive from spinning, and restarts operation once the shock sensors detect a stable environment.

Mitigation Strategy for Customers (what you should do to protect yourself):

Run Lenovo System Update to automatically update Active Protection System to version 1.82.0.14 or later, or manually update by clicking here and follow the instructions in the readme file.