Darren Kemp who is a researcher with Duo Labs recently wrote that for a network attacker, the obvious target is said to be Updaters. It has been seen that a lot of attacks have been published against package management tools and updaters in the past. So based on this, we can expect OEM’s to learn from this.
As per what was noted by Kemp in regards to the notebooks of Windows 10 form Lenovo, HP, Dell, Asus and Acer, it was found a preinstalled updater was shipped by every vender that had at least one vulnerability. This resulted to the execution of the arbitrary remote code as SYSTEM. This is because the complete compromise of the affected machine was allowed. He also added Even though the users had activated the settings for data privacy, it was seen that unknown data was still been sent to the servers of Microsoft by Windows 10.
Lenovo which is known to be the largest Android smartphone and Windows PC maker has made a recommendation to their customers that the Lenovo Accelerator Application should be uninstalled. This should be done by going to Windows 10‘s Apps and Features application and select the Accelerator Application of Lenovo and uninstall it. Update Agent, which is one of Lenovo Accelerator Application component is said to be the worst updaters as per Duo Labs. The reason behind this is due to the fact that every 10 minutes, the servers of Lenovo are pinged. Threat Post also noted in their report that due to the fact that there is no encryption or verification for the protection of the update transmission, there is a way for a malicious code to be inserted by an attacker. They also went on to say, that this particular issue is not just with Lenovo, however it is also to the other venders.
