Lenovo has urged users to uninstall bloatware bundled on Windows 10 devices by the company after critical security holes were discovered.
This week, the Chinese PC maker said in a security advisory a vulnerability within the company's Lenovo Accelerator Application software is a "high severity" problem which could give attackers the avenue to launch man-in-the-middle (MITM) attacks against users.
MITM attacks occur when a vulnerable machine has been infected with malware which contains surveillance capabilities or a vulnerable web browser is communicating with an insecure server. This type of attack, unlike adware, may not show visible signs that your communication or activities are being monitored -- but everything from financial details to user credentials can be intercepted and stolen, leading to remote code execution or device hijacking.
In the case of Lenovo's Accelerator software -- which is meant to speed up the launch of some Lenovo applications -- the vulnerability lies within the "update mechanism where a Lenovo server is queried to identify if application updates are available." Some may call the software value-added, but it is often known as bloatware or crapware and is not required to run a system properly and so can safely be removed.
Dubbed CVE-2016-3944, DuoLabs first discovered the vulnerability in original equipment manufacturers (OEM) updaters also developed by Asus, Acer, Dell and Hewlett-Packard. The Lenovo security flaw is present in a number of notebook and desktop systems preloaded with Microsoft's Windows 10 operating system.
The Chinese PC maker recommends that users immediately uninstall the software. You can do so by going to the 'Apps and Features' application in Windows 10, selecting the Lenovo Accelerator Application and clicking on "Uninstall." It should be mentioned that Lenovo was accused of installing adware, called Superfish, on new PCs.