Attackers could have gained access to administrator accounts
Lenovo announced security updates to its ThinkVantage tool that comes pre-installed on all of the company's laptops. This latest update addresses two privilege escalation vulnerabilities discovered by IOActive.
ThinkVantage System Update is a software package that Lenovo says helps users save the time and effort needed to fetch the latest drivers, BIOS, and other applications for their Think or Lenovo systems.
Attackers can predict the username and password of an administrator account
IOActive researchers found two flaws in ThinkVantage 5.07.0013 that allowed attackers to spawn admin-level processes on affected devices. Both issues have the same cause: a temporary administrator account that is created during the installation of the ThinkVantage package and was never deleted afterwards.