Lenovo had to intervene in view of two serious security vulnerabilities in the standard software. The dangers for the entire PC system were simply too great. Now the company has pulled the ripcord with the help of a security update.
Yoga and ThinkPad affected
The vulnerability apparently does not affect any of the company’s niche products. Instead, the popular Yoga and ThinkPad series exhibited the relevant vulnerabilities. As a result of the holey security, it would apparently have been possible for attackers to secure admin privileges. If you own one of the affected devices, you can already breathe a sigh of relief. The security update that Lenovo has rolled out in the meantime is supposed to have automatically ensured that sufficient system security prevails again.
Installation of malware possible
No watertight statements can yet be made about the threat level, which exists due to a software called “Lenovo System Interface Foundation”. Only this much can be said: The default installed software, which is especially responsible for updating drivers, represents the threat level “high” according to the warning message. The source of danger is in the software’s “IMController”. This is supposed to enable cybercriminals to penetrate the system. The consequences can be manifold. For example, admin rights can be secured and malware installed in the course of this.
Trust is good, control is better…
Lenovo itself has meanwhile reassured its customers and assured them that the problem has been solved with the help of an automatic update. Many Lenovo users already report that this has been done reliably. However, if you are unsure, you can easily check whether your system has the latest version. To do this, simply check the path “C:\Windows\Lenovo\ImController\PluginHost\”. Once there, click your right mouse button and check the version of the “Lenovo.Modern.ImController.PluginHost.exe”. If this is version 1.1.20.3, you can breathe a sigh of relief.
