Click image for larger version. 

Name:	lenovo-patches-security-holes-in-its-system-update-tool.jpg 
Views:	28 
Size:	9.2 KB 
ID:	50776

Attackers could have gained access to administrator accounts

Lenovo announced security updates to its ThinkVantage tool that comes pre-installed on all of the company's laptops. This latest update addresses two privilege escalation vulnerabilities discovered by IOActive.

ThinkVantage System Update is a software package that Lenovo says it will help users save time and effort needed to always fetch the latest drivers, BIOS, and other applications for their Think or Lenovo systems.

Attackers can predict the username and password of an administrator account

IOActive researchers found two flaws in ThinkVantage 5.07.0013 that allowed attackers to spawn admin-level processes on affected devices. Both issues have the same cause, a temporary administrator account created during the installation of the ThinkVantage package, account that was never deleted afterwards.
Read more: