Lenovo Security Advisory: LEN-15765
Potential Impact: Privilege Escalation
Scope of Impact: Lenovo Specific
CVE Identifier: CVE-2017-3756
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.
Active Protection System is used to protect data on a hard drive when the sensor inside your PC detects sudden movement that could potentially damage the hard drive's moving parts. It temporarily stops the drive from spinning, and restarts operation once the shock sensors detect a stable environment. It is also used to control thermal performance in hard drives and solid state drives.
Mitigation Strategy for Customers (what you should do to protect yourself):
Run Lenovo System Update to automatically update Active Protection System to version 220.127.116.11 or later, or manually update by clicking here and following the instructions in the readme file.