In the wake of Duo Security’s report on the critical vulnerabilities sported by Original Equipment Manufacturer (OEM) updaters loaded on popular laptop and desktop computers, Lenovo has advised users to uninstall its Accelerator Application.
“The vulnerability (CVE-2016-3944) resides within the update mechanism where a Lenovo server is queried to identify if application updates are available,” the company explained.
The flaw can be exploited by an attacker with local network access to perform remote code execution and take over control of the machine.
Original Source: Help Net Security
View the full story here