Top Windows OEM Lenovo Urges Customers To Uninstall Accelerator Application

Two-Factor Authentication service Duo Security reported earlier that third-party updating tools found on Dell, HP, Lenovo, Acer, and Asus (the top five Windows OEMs) are vulnerable to man-in-the-middle attack. Hours later, Lenovo, the world's largest Windows OEM by shipment figure, has issued an advisory in which it urges users to uninstall Accelerator Application, which comes preinstalled on many of its laptops and desktops models. Fortune reports: Specifically, as Lenovo said in an advisory notice, the auto-update feature in its Accelerator Application software can be exploited by a "man-in-the-middle attack" -- someone could get in between the computer and the server pushing out the updated software, fooling the computer into installing a fake version of the update instead of the genuine article. Such attacks can allow anything from surreptitious malware installation to the insertion of surveillance capabilities, or even the hijacking of PCs.

That's one way to stop bloatware!

[ErichTheRed]

I wouldn't be surprised if more attacks don't start targeting the installed-by-default bloatware on most home and some business PCs. From what I've seen, these steaming piles are usually written by the cheapest offshore dev place the vendor could find, or are licensed reskinned third-party applications using a million out of date components. The good news is that there are fewer vendor-specific tools absolutely _required_ to run hardware on a Windows laptop anymore because Microsoft provides native controls for most components in Windows 10. The bad news is that the few that remain required are very tied to the hardware and probably have a lot of privilege use on the system that people don't know about. Just look at what happens on some HP laptops when you press the Volume or Brightness keys -- CPU spikes for a few seconds while Windows loads whatever .NET module HP wrote to talk to the device driver and tell it to do its thing. I doubt any of that interaction is heavily audited or even well tested before it goes out.

All the more reason to just wipe the machine and install a clean OS build from scratch when you get it!

Re:That's one way to stop bloatware!

[U2xhc2hkb3QgU3Vja3M]

"The level of sophistication required to exploit most of the vulnerabilities we found is somewhere between that possessed by a coffee stain on the Duo lunch room floor and your average potted plant - meaning, trivial."

That sounds like something Douglas Adams would have wrote.

Accelerator Application Application?

[jddj]

The app so nice, they had to name it twice?

Or maybe it's an Application Application because of two-factor?

Lenovo Laptops

[CrashNBrn]

NTLite + (Windows10 ISO | Insider Preview ISO) + slipstreamed Lenovo Drivers + create ISO.
Rufus to USB Stick (GPT Partition Scheme, FAT32).
Clean Install Windows 10. Change License key to: VK7JG-NPHTM-C97JM-9MPGT-3V66T
Change License key to purchased Windows 10 Pro key. Register.

Don't even bother trying to use the recommended Media Creation Tool. When you have a OEM Windows machine it appears to ALWAYS fail to actually create the media (usb stick).

Re: Doubledy Dupey Drats

[GreenEnvy22]

Almost impossible like this for Windows 8: http://windows.microsoft.com/e... And this for Windows 10: http://www.microsoft.com/en-ca... It's come a long way since windows 7 and earlier.

Re:This headline brought to you by...

[U2xhc2hkb3QgU3Vja3M]

You know we're all in big trouble once the Department of recursivity department merges with the Department of redundancy department.

Re:Not Bloatware, SubsidyWare

[pete6677]

The more expensive laptops still have all the same shit installed. Nice troll.