Lenovo Security Advisory: LEN-13637
Potential Impact: Privilege Escalation or Denial of Service
Severity: High
**Scope of Impact:**Lenovo-specific
**CVE Identifier:**CVE-2017-3740
Summary Description:
During an internal assessment, a local privilege escalation vulnerability was identified in Lenovo Active Protection System. An attacker with local privileges could send commands to the systemβs embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.
Active Protection System is used to protect data on a hard drive when the sensor inside your PC detects sudden movement that could potentially damage the hard driveβs moving parts. It temporarily stops the drive from spinning, and restarts operation once the shock sensors detect a stable environment.
Mitigation Strategy for Customers (what you should do to protect yourself):
Run Lenovo System Update to automatically update Active Protection System to version 1.82.0.14 or later, or manually update by clicking here and follow the instructions in the readme file.