Lenovo System Update Vulnerability Mitigation

Lenovo’s development and security teams worked directly with IOActive regarding their Lenovo System Update vulnerability findings, and we value their expertise in identifying and responsibly reporting them. Lenovo released an updated version of Lenovo System Update on April 1st, which resolves these vulnerabilities. We subsequently published a security advisory in coordination with IOActive at: https://support.lenovo.com/us/en/product_security/lsu_privilege
 
Existing installations of Lenovo System Update will prompt the user to automatically install the updated version of the program when the application is run. Alternatively, users may manually update System Update as described in the security advisory. Lenovo recommends that all users update System Update to eliminate the vulnerabilities reported by IOActive. In general, Lenovo encourages its users to keep their systems up to date by allowing automatic updates to run when prompted.
 

You must be logged in to view this item.

This area is reserved for members of the news media. If you qualify, please update your user profile and check the box marked "Check here to register as an accredited member of the news media". Please include any notes in the "Supporting information for media credentials" box. We will notify you of your status via e-mail in one business day.