Wednesday, August 12, 2015

Lenovo uses hidden feature in Windows to install software – Pplware

[Update: Added Lenovo's statements on this issue]

Lenovo has been involved in problems related to its software and how it is updated. The Superfish issue has been resolved, but now there is new information about how its software is installed.

We have detected that this installation can take place even if users reinstall their machines or even change the disks.


A newly revealed discovery showed that Lenovo makes use of a poorly documented Windows feature so that it can install on its devices the software responsible for optimizing the system and for installing the brand's own software.

According to the information revealed, machines that are completely reinstalled or have had their disks changed continue to come up with this software installed, without users being aware of it or authorizing it.

To detect this situation, tests were made with a machine that consistently came up with this software installed whenever it was removed or the operating system was reinstalled.

A deeper investigation revealed that Lenovo is using a little-known and poorly documented Windows feature that lets the BIOS, whenever the machine is started, check who created a given file (C:\Windows\system32\autochk.exe).

If this file is not signed by Lenovo, it is replaced by one stored in the BIOS, which then handles the installation of the software and the other necessary files (LenovoUpdate.exe and LenovoCheck.exe).

Blame it on the Windows Platform Binary Table

The functionality that Lenovo uses was created by Microsoft and is called the “Windows Platform Binary Table”. It is intended to let hardware makers install software in an automatic and controlled manner, but the company requires that they be able to update these mechanisms in case of attack or security breach.

And this is where Lenovo's problems start. Earlier this year a vulnerability was discovered in the software that the brand has installed automatically on its computers, the Lenovo Service Engine.

At the time, the brand released a security update for this issue, stating that no software was installed automatically, but it did not guarantee any automatic updating of that software.

In this way the Lenovo Service Engine remains installed, even if the user removes it, keeping the security problems and flaws that are known.

Although this problem was identified on Lenovo machines, it certainly affects other manufacturers who use this method to ensure that their software is installed even when users remove it.

If you want to solve the problem on Lenovo computers, the brand offers a BIOS update that does away with it permanently. You can get the updates through this link.

[Update]

Below you can find Lenovo's statements on this issue that is affecting its machines.

Lenovo's Official Statement

Lenovo Statement on Lenovo Service Engine (LSE) BIOS

In the April – May timeframe, Lenovo made available new BIOS firmware for some of its consumer PCs that eliminated the security vulnerability that was discovered and brought to its attention by an independent security researcher, Roel Schouwenberg. In coordination with Mr. Schouwenberg and in line with industry best practice for responsible disclosure, on July 31, 2015, we issued Lenovo Product Security Advisories that highlighted the new BIOS firmware, specifically for consumer Notebook and Desktop. Lenovo always strongly recommends that users update their systems with the latest BIOS firmware. Starting in June, the new BIOS firmware has been installed on all newly manufactured Lenovo consumer notebook and desktop systems.

The vulnerability was linked to the way Lenovo utilized a Microsoft Windows mechanism in a feature found in its BIOS firmware called Lenovo Service Engine (LSE) that was installed in some Lenovo consumer PCs. Think-brand PCs are unaffected. Along with this security researcher, Lenovo and Microsoft have discovered possible ways this program could be exploited in the Lenovo Notebook implementation by an attacker, including a buffer overflow attack and an attempted connection to a Lenovo test server.

As a result of these findings, Microsoft recently released updated security guidelines (see page 10 of this linked PDF) on how to best implement this Windows BIOS feature. Lenovo’s use of LSE was not consistent with these new guidelines. As a result, LSE is no longer being installed on Lenovo systems. It is strongly recommended that customers update their systems with the new BIOS firmware, which disables and/or removes this feature.

LSE was shipped on some Lenovo-branded notebook systems running Windows 7, 8 and 8.1 and desktop systems running Windows 8 and 8.1 as listed below. The software does not come loaded on any Think-branded PCs.

List of affected Lenovo products:

Lenovo Notebook

  • Flex 2 Pro 15 (Broadwell)
  • Flex 2 Pro 15 (Haswell)
  • Flex 3 1120
  • Flex 3 1470/1570
  • G40-80 / G50-80 / G50-80 Touch
  • S41-70 / U41-70
  • S435 / M40-35
  • V3000
  • Y40-80
  • Yoga 3 11
  • Yoga 3 14
  • Z41-70 / Z51-70
  • Z70-80 / G70-80

Lenovo Desktop – World Wide

  • A540 / A740
  • B4030
  • B5030
  • B5035
  • B750
  • H3000
  • H3050
  • H5000
  • H5050
  • H5055
  • 2 Horizon 27
  • Horizon 2e (Yoga Home 500)
  • Horizon 2S
  • C260
  • C2005
  • C2030
  • C4005
  • C4030
  • C5030
  • X310 (A78)
  • X315 (B85)


Lenovo Desktop – China Only

  • D3000
  • D5050
  • D5055
  • F5000
  • F5050
  • F5055
  • G5000
  • G5050
  • G5055
  • YT A5700k
  • YT A7700k
  • YT M2620n
  • YT M5310n
  • YT M5790n
  • YT M7100n
  • YT S4005
  • YT S4030
  • YT S4040
  • YT S5030