Lenovo Nerve Center for Desktops Privilege Escalation - us

Type lenovo
Reporter Lenovo
Modified 2017-06-19T00:00:00


Lenovo Security Advisory: LEN-15046

Potential Impact: Privilege escalation

Severity: High

Scope of Impact: Lenovo Specific

CVE Identifier: CVE-2017-3747

Summary Description:

During an internal security review, a vulnerability was discovered in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.

Lenovo Nerve Center is software that provides an interface for overclocking the CPU, altering network performance, and controlling other features of the PC.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update to version 1.70.0426 or later of Lenovo Nerve Center by going to “Settings” and checking for a new version of Lenovo Nerve Center. Download and install the new version and reboot the system to complete the installation.

You can also install the update from the Lenovo Nerve Center support site here.