Pre-Loaded Lenovo Software Leaves PCs Vulnerable to Attack

Lenovo has revealed that a vast number of its PCs that have Accelerator Application pre-installed are vulnerable to attack and has advised owners to uninstall the software immediately. Affected systems – which include the Yoga range of Lenovo computers, but not its ThinkPad or ThinkStation PCs – can be exploited via a “man-in-the-middle” attack, which can fool the system into installing malicious software.

“A vulnerability was identified in the Lenovo Accelerator Application software which could lead to exploitation by an attacker with man-in-the-middle capabilities,” Lenovo revealed. “The vulnerability resides within the update mechanism where a Lenovo server is queried to identify if application updates are available.”

“The Lenovo Accelerator Application is used to speed up the launch of Lenovo applications and was installed in some notebook and desktop systems preloaded with the Windows 10 operating system,” it adds.

In order to mitigate any further issues “Lenovo recommends customers uninstall Lenovo Accelerator Application by going to the “Apps and Features” application in Windows 10, selecting Lenovo Accelerator Application and clicking on “Uninstall”.”

If you own a Lenovo PC and are concerned that your system could be vulnerable, affected Lenovo systems are:

Notebook:

• 305
• 700
• 300S
• 500/500S
• B40-30/B40-45/B40-45/B40-80
• B41-30/B41-35/B41-80
• B50-30/B50-30 Touch/B50-45/B50-80/B51-30/B51-35/B51-80
• E31-70/E31-80/E40-30/E40-80/E41-80/E50-30/E50-80/E51-80
• Edge 15
• Edge 2-1580
• Erazer N40-30/Erazer N40-45
• Erazer N50-45/Erazer N50-45
• Erazer Z41-70
• Erazer Z51-70
• FLEX 2 Pro
• FLEX 3
• FLEX 4
• K20-80
• K21-80
• K41-70/K41-80
• M41-70 
• M51-80
• MIIX 3
• MIIX 700
• N41-35
• N51-35
• S21e-20
• S41-35/S41-70/S41-75
• TianYi 300
• U31-70U41-70
• V4000
• XiaoXin 700
• Y50-70/Y50-70 Touch
• Y50c
• Y700/Y700 Touch
• Y70-70 Touch
• Y900
• Yoga 2 
• YOGA 3 14
• Yoga 3 Pro
• Yoga 300
• YOGA 500/YOGA 510
• YOGA 700/YOGA 710/YOGA 900/YOGA 900S
• Z41-70
• Z51-70

Desktops:

• 50050C/50100E/50550A/50600I
• A3300
• A7300
• A8150
• B40
• C20
• C40
• C50
• C560
• D3000
• D5010/ D5050/ D5055
• F5005/ F5050/ F5055
• G5005/ G5010/ G5050/ G5055
• H3005
• H30-50
• H5005/ H5055
• H50-50
• IdeaCentre 200
• IdeaCentre 300/300S
• IdeaCentre 510/510S
• IdeaCentre 700
• M7300z
• M8300z/M8350z
• M9550z
• Yoga Home 500

This is not the first time that Lenovo’s pre-installed software has caused problems for users. Remember the Superfish adware fiasco from last year?