Lenovo is advising users of its Windows 10 laptops and desktops to uninstall the Accelerator Application software, which comes pre-loaded on its devices.
The company revealed in an advisory note that the auto update feature for the software is vulnerable to hacking as it can potentially be exploited by a "man-in-the-middle" (MitM) attack. Several desktop PCs and laptops from the company are susceptible to this attack — the Yoga lineup included — which basically renders the device open to hacking or clandestine malware installation.
Therefore, it has recommended that users uninstall the Accelerator Application.
"The vulnerability resides within the update mechanism where a Lenovo server is queried to identify if application updates are available. Lenovo recommends customers uninstall Lenovo Accelerator Application," notes the company.
The advisory note from the company was published on May 31, the same day when researchers from Duo Security shared a detailed report where they tested the security of several driver updaters, which come pre-loaded on the devices of the top five laptop OEMs.
The researchers tested out laptops from HP, Lenovo, Asus, Acer and Dell and discovered that all of these were vulnerable to remote code execution (RCE) and MitM attacks. The team tested Lenovo's Update Agent, and the Lenovo Solution Center and also chanced across the Accelerator Application's bug.
Researcher Mikhail Davidov contacted Lenovo to relay the discovery of the app making users of its device vulnerable to MitM attacks.
Lenovo took action and, instead of fixing the bug with an update, chose to remove the Accelerator Application completely. The company now asks users to completely uninstall it.
To uninstall the app, users need to head to Apps and Features in Windows 10. Select the Lenovo Accelerator Application and click Uninstall.
The Lenovo devices which are affected are listed below.
Lenovo Notebook Systems:
305
700
300S
500/500S
B40-30/B40-45/B40-45/B40-80
B41-30/B41-35/B41-80
B50-30/B50-30 Touch/B50-45/B50-80/B51-30/B51-35/B51-80
E31-70/E31-80/E40-30/E40-80/E41-80/E50-30/E50-80/E51-80
Edge 15
Edge 2-1580
Erazer N40-30/Erazer N40-45
Erazer N50-45/Erazer N50-45
Erazer Z41-70
Erazer Z51-70
FLEX 2 Pro
FLEX 3
FLEX 4
K20-80
K21-80
K41-70/K41-80
M41-70
M51-80
MIIX 3
MIIX 700
N41-35
N51-35
S21e-20
S41-35/S41-70/S41-75
TianYi 300
U31-70
U41-70
V4000
XiaoXin 700
Y50-70/Y50-70 Touch
Y50c
Y700/Y700 Touch
Y70-70 Touch
Y900
Yoga 2
YOGA 3 14
Yoga 3 Pro
Yoga 300
YOGA 500/YOGA 510
YOGA 700/YOGA 710/YOGA 900/YOGA 900S
Z41-70
Z51-70
Lenovo Desktop Systems:
50050C/50100E/50550A/50600I
A3300
A7300
A8150
B40
C20
C40
C50
C560
D3000
D5010/ D5050/ D5055
F5005/ F5050/ F5055
G5005/ G5010/ G5050/ G5055
H3005
H30-50
H5005/ H5055
H50-50
IdeaCentre 200
IdeaCentre 300/300S
IdeaCentre 510/510S
IdeaCentre 700
M7300z
M8300z/M8350z
M9550z
Yoga Home 500
