Lenovo Security Advisory: LEN-15046
Potential Impact: Privilege escalation
Scope of Impact: Lenovo Specific
CVE Identifier: CVE-2017-3747
During an internal security review, a vulnerability was discovered in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.
Lenovo Nerve Center is software that provides an interface for overclocking the CPU, altering network performance, and controlling other features of the PC.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to version 1.70.0426 or later of Lenovo Nerve Center by going to “Settings” and checking for a new version of Lenovo Nerve Center. Download and install the new version and reboot the system to complete the installation.
You can also install the update from the Lenovo Nerve Center support site here.