Lenovo, the Chinese PC maker from Beijing was caught indulging in installation of unwanted software on its machines for the second time in this year. Earlier this year, in Feb’15, the PC maker was found shipping its Windows powered PC and laptops with an adware called “Superfish”. Now the company was caught indulging in surreptitious installation of certain programs in a large number of Lenovo PCs and laptops in a bundled format.
After the revelation of its secret software installation this month, the PC maker went through a lot of criticism on social media. Reacting to those posts, the company has now urged its users to download the latest BIOS firmware update that disables controversial unwanted software from its machines. The download is free and is available on its official website. The company has also put some instruction to help its users install the update on their machine.
In July this year many Lenovo PC and Laptop users started to report that the PC manufacturer was using a “rootkit” technique to forcefully install a bunch of software on its windows PCs and laptops. The company was reported to be using BIOS to keep track of certain applications on Windows system files and overwrite it on boot-up with its in-house alternative called Lenovo Service Engine (LSE). Furthermore, vulnerability was found in the way the company was tweaking the bios after LSE installation. The vulnerability, when exploited by a hacker, allows them to gain access to the system and install malicious code.
On July 31st, 2015, Lenovo issued a patch to fix this issue. But since, it was a manual installation, many weren’t aware of it.
On Monday, the renowned PC maker made a public announcement in which it mentioned that on July 31st, 2015 it has issued an update to bios, which after installation will disable the script which allowed auto-reinstallation of unwanted software even after a windows OS wipeout completely.
The full list of impacted products was issued by Lenovo and the list is as follows-
Lenovo notebooks: Flex 2 Pro 15 (Broadwell), Flex 2 Pro 15 (Haswell), Flex 3 1120, Flex 3 1470/ 1570, G40-80/ G50-80/ G50-80 Touch, S41-70/ U41-70, S435/ M40-35, V3000, Y40-80, Yoga 3 11, Yoga 3 14, Z41-70/ Z51-70, Z70-80/ G70-80.
Lenovo desktops (world wide): A540/ A740, B4030, B5030, B5035, B750, H3000, H3050, H5000, H5050, H5055, Horizon 2 27, Horizon 2e (Yoga Home 500), Horizon 2S, C260, C2005, C2030, C4005, C4030, C5030, X310 (A78), X315 (B85).
Lenovo desktops (China only): D3000, D5050, D5055, F5000, F5050, F5055, G5000, G5050, G5055, YT A5700k, YT A7700k, YT M2620n, YT M5310n, YT M5790n, YT M7100n, YT S4005, YT S4030, YT S4040, YT S5030.
Note- all those laptops which were shipped after June 2015 aren’t affected with the said vulnerability of secret installation of bundled software.