1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Lenovo's Service Engine marks yet another bloatware blunder for the company

Discussion in 'CSO' started by RSS, Aug 12, 2015.

  1. RSS

    RSS New Member Member

    Lenovo isn’t doing its reputation any favors with the discovery of another security issue around its pre-loaded PC software.

    The latest issue relates to a “feature” in Lenovo’s BIOS firmware that automatically downloads Lenovo software and services, even if the user has performed a clean install of Windows. Microsoft actually allows this practice, but Lenovo’s particular implementation—dubbed “Lenovo Service Engine”—led to a security vulnerability, which an independent security researcher discovered in the April to May timeframe.

    In response, Microsoft has put out security guidelines for this BIOS technique, which it calls the “Windows Platform Binary Table.” Because Lenovo Service Engine doesn’t meet those guidelines, Lenovo has stripped the tool from its BIOS firmware in all PCs shipped after June. The company has also released a special disabler tool, and on July 31 released a BIOS update to remove the tool from existing PCs. Dozens of consumer laptop and desktop models are affected, but Lenovo says its Think-brand PCs are not.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page