Lenovo accelerator application что это
Перейти к содержимому

Lenovo accelerator application что это

  • автор:

Lenovo Urges Windows 10 Users to Uninstall Dangerous Utility

Lenovo PC users: It’s time to fire up Add or Remove Programs. The company just put out an advisory warning to remove Lenovo Accelerator, a utility preinstalled on 115 different models of its Windows 10 desktops and notebooks that leaves users vulnerable to attack.

According to Lenovo, Accelerator «is used to speed up the launch of Lenovo applications,» but leaves users vulnerable to a man-in-the-middle attack. Man-in-the-middle attacks work on network transmissions sent without encryption, typically over a public Wi-Fi network or when a user accesses an unsecured website.

This warning was published on Tuesday (May 31), and came in the immediate aftermath of a report that denounced the evils of laptop bloatware from Ann Arbor, Michigan-based Duo Security. Keeping Lenovo’s Accelerator installed would likely allow malcontents to spy on your activity, as well as steal account IDs and passwords.

To see if your machine is affected, check out Lenovo’s full list of machines that have Accelerator preloaded . Lenovo’s advisory mentions only Windows 10, and it’s not clear whether this vulnerability also affects Lenovo computers that shipped with Windows 7 or Windows 8/8.1.

The bloatware report from Duo focused on manufacturer updater applications such Lenovo’s UpdateAgent. In its advisory, Lenovo did not specify whether UpdateAgent was involved, but noted that Accelerator’s vulnerability «resides within» the program’s «update mechanism where a Lenovo server is queried to identify if application updates are available.»

Of the manufacturers that Duo criticized for software updaters that create security vulnerabilities, only Lenovo and Dell have publicly taken steps to ameliorate the situation. HP, Asus and Acer have stayed silent, although HP’s own updaters were relatively well protected.

Duo’s advice for saving computers from bloatware is as complete as it is drastic. You can remove all that bloatware by wiping your hard drive, including any hidden partitions created by the manufacturer, and re-installing Windows from scratch.

To perform this task on a Windows 10 machine, you’ll need to create an installation thumb drive (you can make your own here ). Don’t worry about looking for the activation key on a sticker affixed to your machine — if the computer arrived with Windows 10 already installed, you can reinstall indefinitely without the key.

We’ve asked Lenovo for a comment regarding the vulnerability, and if Windows 7 or 8.1 users are affected, and will update this story if and when we receive a response.

UPDATE: In a statement to LaptopMag issued today (June 3), Lenovo said, «Security researchers at Duo Security recently notified Lenovo of a vulnerability in the Lenovo Accelerator Application software that could lead to exploitation by an attacker with man-in-the-middle capabilities. The vulnerability resides within the update mechanism.»

  • Best Antivirus Protection for PC, Mac and Android

Be In the Know

Get instant access to breaking news, the hottest reviews, great deals and helpful tips.

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Lenovo advises users to remove a vulnerable, pre-installed support tool

Levnovo recommends users remove an updater app shipped with some of its PCs.

Stephen Lawson

PC maker Lenovo is recommending that users remove an application preloaded on their computers because it contains a high-severity flaw that could allow attackers to take over their systems.

The vulnerable tool is called Lenovo Accelerator Application and is designed to speed up the launch of other Lenovo applications. It was preinstalled on more than 100 laptop and desktop models shipped with Windows 10, but not those from the ThinkPad and ThinkStation lines.

The flaw was discovered by researchers from security firm Duo Security as part of an analysis of OEM software update tools from five PC manufacturers. The company found that a process called LiveAgent, apparently the update component of the Lenovo Accelerator Application, does not use encrypted connections when checking and downloading updates. LiveAgent also does not validate the digital signatures of the downloaded files before running them, the researchers said.

This allows man-in-the-middle attackers who can intercept a user’s traffic — for example, on an insecure Wi-Fi network or through a compromised router — to trick LiveAgent into downloading and executing malware.

LiveAgent was one of the worst software updaters Duo Security identified, but the company found flaws in update tools from all five vendors it looked at: Acer, ASUSTeK Computer, Lenovo, Dell and HP.

«Lenovo recommends customers uninstall Lenovo Accelerator Application by going to the ‘Apps and Features’ application in Windows 10, selecting Lenovo Accelerator Application and clicking on ‘Uninstall’,» Lenovo said in an advisory Tuesday.

The company plans to release a System Update removal utility soon, a Lenovo representative said in an emailed statement.

This is not the first time serious vulnerabilities have been found in the support tools and third-party applications preloaded by PC manufacturers on computers. The Duo Security researchers recommend installing a clean version of Windows on newly purchased systems.

Lucian Constantin is a senior writer at CSO, covering information security, privacy, and data protection.

Lenovo советует пользователям удалять уязвимый инструмент поддержки, предустановленный в их системах

Ангел Бэби Новые серии — Игра окончена (29 серия) Поучительные мультики для детей

Производитель ПК Lenovo рекомендует пользователям удалять приложение, предварительно загруженное на их компьютеры, поскольку оно содержит серьезную ошибку, которая может позволить злоумышленникам взять на себя их системы.

Уязвимый инструмент называется Lenovo Accelerator Application и предназначен для ускорения запуска других приложений Lenovo. Он был предустановлен на более чем 100 портативных и настольных моделях, поставляемых с Windows 10, но не те, что были из ThinkPad и ThinkStation.

Исчезновение было обнаружено исследователями из охранной фирмы Duo Security в рамках анализа средств обновления программного обеспечения OEM от пяти производителей ПК. Компания обнаружила, что процесс под названием LiveAgent, по-видимому, компонент обновления приложения Lenovo Accelerator, не использует зашифрованные соединения при проверке и загрузке обновлений. LiveAgent также не проверяет цифровые подписи загруженных файлов, прежде чем запускать их, сказали исследователи.

Это позволяет злоумышленникам, находящимся на месте могут перехватывать трафик пользователя — например, в небезопасной сети Wi-Fi или с помощью взломанного маршрутизатора — обманывать LiveAgent при загрузке и выполнении вредоносных программ.

LiveAgent был одним из худших обновлений программного обеспечения Duo Security, но компания обнаружила недостатки в инструментах обновления от всех пяти поставщиков: Acer, ASUSTeK Computer, Lenovo, Dell и HP.

«Lenovo рекомендует клиентам удалить приложение Lenovo Accelerator, перейдя в приложение« Приложения и компоненты »в Windows 10, выбрав Lenovo Accelerator Application и нажав «Uninstall», — говорится в сообщении Lenovo во вторник,

В ближайшее время компания планирует выпустить утилиту удаления System Update, представитель Lenovo сказал в заявлении по электронной почте.

Это не первый тайм e серьезные уязвимости были обнаружены в инструментах поддержки и сторонних приложениях, предварительно загруженных производителями ПК на компьютеры. Исследователи Duo Security рекомендуют устанавливать чистую версию Windows на недавно приобретенные системы.

Lenovo советует пользователям удалять уязвимый инструмент поддержки, предустановленный в их системах

Lenovo советует пользователям удалять уязвимый инструмент поддержки, предустановленный в их системах

Производитель ПК Lenovo рекомендует пользователям удалить приложение, предварительно загруженное на их компьютеры, потому что в нем есть недостаток высокой степени тяжести, который может позволить злоумышленникам завладеть своими системами.

Уязвимый инструмент поддержки Dell теперь обнаружен и помечен как опасное программное обеспечение

Уязвимый инструмент поддержки Dell теперь обнаружен и помечен как опасное программное обеспечение

Старые версии Dell System Detect содержат серьезную уязвимость, позволяющую хакерам установить вредоносное ПО на компьютерах пользователей.

Lenovo begs users to uninstall Accelerator app in the name of security

charlie-osborne

Lenovo has urged users to uninstall bloatware bundled on Windows 10 devices by the company after critical security holes were discovered.

This week, the Chinese PC maker said in a security advisory a vulnerability within the company’s Lenovo Accelerator Application software is a «high severity» problem which could give attackers the avenue to launch man-in-the-middle (MITM) attacks against users.

MITM attacks occur when a vulnerable machine has been infected with malware which contains surveillance capabilities or a vulnerable web browser is communicating with an insecure server.

This type of attack, unlike adware, may not show visible signs that your communication or activities are being monitored — but everything from financial details to user credentials can be intercepted and stolen, leading to remote code execution or device hijacking.

In the case of Lenovo’s Accelerator software — which is meant to speed up the launch of some Lenovo applications — the vulnerability lies within the «update mechanism where a Lenovo server is queried to identify if application updates are available.»

Some may call the software value-added, but it is often known as bloatware or crapware and is not required to run a system properly and so can safely be removed.

Dubbed CVE-2016-3944, DuoLabs first discovered the vulnerability in original equipment manufacturers (OEM) updaters also developed by Asus, Acer, Dell and Hewlett-Packard.

The Lenovo security flaw is present in a number of notebook and desktop systems preloaded with Microsoft’s Windows 10 operating system.

The full list of impacted devices is vast but include the Lenovo Notebook 305, Edge 15, Flex 2 Pro and Yoga product lines. In addition, Lenovo’s IdeaCenter and Yoga Home 500 are amongst the 39 desktop models impacted by the security flaw. You can read the full list here.

Lenovo ThinkPad and ThinkStation devices are not affected by this security issue.

The Chinese PC maker recommends that users immediately uninstall the software. You can do so by going to the ‘Apps and Features’ application in Windows 10, selecting the Lenovo Accelerator Application and clicking on «Uninstall.»

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *