bp9801

Lenovo Once Again Stuffs Junkware On Its Computers; Tool Available to Remove It


Remember earlier this year when Lenovo found itself in hot water over the Superfish software pre-installed on its computers that could leave the system open to attack? And how a class-action lawsuit was then filed over the matter? Well, evidently Lenovo did not learn its lesson then, as a new piece of pre-installed software has been discovered in certain Lenovo computers. This software is a little more nasty, as it functions more like a rootkit in that it will install itself back onto your Lenovo computer despite removing it or even doing a clean install of Windows. The problem lies in the fact this item is in the BIOS on the computers, and then runs before the Windows executable starts. This item, called the Lenovo Service Engine (LSE), checks on every boot up if it's installed, and if not, begins a quick and quiet reinstall.

Annoying? Yes. Possibly hazardous and dangerous? You better believe it. This LSE exploits Microsoft's Windows Platform Binary Table (WPBT) feature in order to run on the firmware, which is typically used by manufacturers and corporate IT to ensure drivers, programs, and the like are installed into Windows. When used properly, WPBT helps protect the OS from dangerous exploits, even during a fresh install of Windows. However, LSE has a buffer-overflow vulnerability that can be used to gain administrator-level privileges to the system. That could open you up to a whole new level of security headaches, and is something that goes wholly against the purpose of WPBT. Lenovo first learned of this "bug," if you want to call it that, back in April, but didn't remove it from its computers until June.

Both laptops and desktops had LSE installed on them, but not any Think-brand models. If you purchased a new ThinkPad, you're fine, but if you had just a regular Lenovo laptop or desktop running Windows 7 or above (Windows 8/8.1 for desktops), there's a chance your computer had LSE installed. Any computers built between October 23, 2014, and April 10, 2015, could potentially have LSE on them. Anything before or after those dates should be fine. Lenovo has published a list of laptops and desktops affected with LSE, so do be sure to check if you've purchased a new Lenovo computer. In order to remove LSE from your affected computer, simply navigate here for laptops and here for desktops. Run the program and you should be clean and free.

It remains to be seen what kind of trouble Lenovo will face this time with LSE, and whether or not a class-action lawsuit will pop up as a result. It will also be interesting to see if Microsoft responds to how WPBT was used by Lenovo, and whether any other manufacturers are doing something similar that can leave users vulnerable.

Sources: Y Combinator Hacker News, The Register, and Lenovo

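Added example, not part of the original post or of Lenovo's removal tool: a Python sketch that parses a raw WPBT ACPI table so a defender can see whether firmware is handing Windows a binary to run at boot. The field layout follows the standard ACPI table header and Microsoft's published WPBT format; the Linux sysfs path is an assumption about where the table is read from, and the sample table is constructed.

```python
import struct
from pathlib import Path

# Assumed location: Linux exposes the raw table here (root-readable) if firmware publishes one.
WPBT_PATH = Path("/sys/firmware/acpi/tables/WPBT")
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")  # binary size, physical address, layout, type, args length
MIN_LEN = ACPI_HEADER.size + WPBT_BODY.size


def parse_wpbt(blob: bytes) -> dict:
    """Parse a raw WPBT table and report what the firmware asks Windows to run."""
    if len(blob) < MIN_LEN:
        raise ValueError("table too short to be a WPBT")
    sig, length, _rev, _csum, oem_id, *_ = ACPI_HEADER.unpack_from(blob)
    if sig != b"WPBT" or not MIN_LEN <= length <= len(blob):
        raise ValueError("not a well-formed WPBT table")
    table = blob[:length]
    size, addr, layout, ctype, args_len = WPBT_BODY.unpack_from(table, ACPI_HEADER.size)
    args = table[MIN_LEN:MIN_LEN + args_len].decode("utf-16-le", "replace")
    return {
        "oem_id": oem_id.rstrip(b"\x00 ").decode("ascii", "replace"),
        "checksum_ok": sum(table) % 256 == 0,  # all bytes of a valid table sum to 0
        "binary_size": size,
        "binary_phys_addr": addr,
        "content_layout": layout,
        "content_type": ctype,
        "arguments": args.rstrip("\x00"),
    }


def build_sample() -> bytes:
    """Constructed WPBT table for demonstration; not taken from any real machine."""
    args = "/demo\x00".encode("utf-16-le")
    body = WPBT_BODY.pack(0x20000, 0x7F000000, 1, 1, len(args)) + args
    length = ACPI_HEADER.size + len(body)
    hdr = ACPI_HEADER.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"EXAMPLE ", 1, b"TEST", 1)
    raw = bytearray(hdr + body)
    raw[9] = (-sum(raw)) % 256  # checksum byte sits at offset 9 of the header
    return bytes(raw)


if __name__ == "__main__":
    try:
        blob = WPBT_PATH.read_bytes()
    except OSError:  # no table published, or not running as root: use the sample
        blob = build_sample()
    print(parse_wpbt(blob))
```

A WPBT table on its own only shows that the firmware publishes a platform binary; the OEM ID and arguments are the starting point for working out which vendor component it is.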

So what exactly does it do to make itself dangerous?

"LSE has a buffer-overflow vulnerability that can be used to gain administrator-level privileges to the system."


Makes sense. Lenovo originated in China. China is trying to be the hacking superpower. It helps when they have their companies make computers to allow easier access. I try to make sure I buy nothing that's China related. Not only do we have to worry about lead or bacteria in products, now it's computer hardware. Seriously, China is trying to secretly kill everyone. :P
