Last year, Lenovo faced a great deal of criticism in regard to how the PCs it manufactured came with the adware Superfish pre-installed on their systems. Now the company is facing a similar backlash from consumers as a result of its own software.
The Lenovo Solution Centre (LSC) software that ships with every new computer made by the company has been found to have a vulnerability that puts every one of its PCs at risk of an attack. If an attacker is able to gain local network access to one of the company's PCs, they could exploit this newly discovered security flaw to execute arbitrary code.
Lenovo designed LSC to monitor the overall health of its PCs. The software is able to check for driver updates in addition to monitoring the battery and firewall of a device. LSC is pre-installed on most of Lenovo's desktop and laptop PCs including consumer and business devices.
The company has released a fix to prevent the vulnerability from being exploited and has made it available on its website. A spokesperson from Lenovo has released a statement regarding how it plans on dealing with this potentially devastating security flaw: “In keeping with industry best practices, Lenovo moved rapidly to ready a fix and on April 26 it updated its security advisory disclosing this additional vulnerability and the availability of a fix that addressed it.”
While Lenovo has managed to fix the vulnerability, this incident has come at a time when consumers have not yet forgotten the Superfish incident. Repeating the same mistake one year later is an easy way to lose whatever trust the company had regained from consumers.