First published: Tue Jun 09 2020(Updated: )
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo installation package | <1.2.9.3 |
To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected. Lenovo installation packages version 1.2.9.3 or later are not affected.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.