A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework. The issue affects all variants of Lenovo machines running default Windows installations and poses serious implications for enterprise security environments. The vulnerability centers around the MFGSTAT.zip […] The post Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass appeared first on Cyber Security News.

  • mriswith@lemmy.world
    22 hours ago

    So not only does Lenovo hide executables in alternate data streams that can be launched as if run from within the Windows folder. It’s writable by logged-in users. And it was first discovered six years ago, and is still there.

    On top of that, Lenovo is apparently not going to release any patches; they’re just going to give out some “remediation guidance”.

    I live on the other side of the world from their HQ, and I can hear the lawyers screaming and paralegals furiously typing.
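
A read-only audit for the condition the post and the comment describe, added here as an example and not taken from the article, the commenter or Lenovo: it lists top-level files in the Windows directory that a low-privilege principal can write to, or that carry alternate data streams. The list of principals, the function name and the choice to scan only the top level of the directory are assumptions.

```powershell
# Added example: read-only audit, changes nothing on disk.
# Assumption: these well-known SIDs stand in for "logged-in users".
$lowPrivSids = @(
    'S-1-1-0'        # Everyone
    'S-1-5-11'       # Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)
# WriteData, AppendData, plus raw GENERIC_WRITE and GENERIC_ALL, which the
# FileSystemRights enum does not name but which can appear in an ACE mask.
$writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

# Hypothetical helper: returns the Allow ACEs that give a low-privilege SID write access.
# Deny ACEs are not evaluated, so this can over-report but will not under-report.
function Get-LowPrivWriteRule {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        return   # unreadable ACL: nothing to report for this file
    }
    # Ask for SIDs rather than names so the check is independent of UI language.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPrivSids -contains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $writeBits)
    }
}

Get-ChildItem -LiteralPath $env:windir -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $writers = Get-LowPrivWriteRule -Path $_.FullName
        # ':$DATA' is the normal unnamed stream; anything else is an alternate data stream.
        $ads = Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object Stream -ne ':$DATA'
        if ($writers -or $ads) {
            [pscustomobject]@{
                File         = $_.FullName
                WritableBy   = ($writers | ForEach-Object { $_.IdentityReference.Value }) -join ','
                ExtraStreams = ($ads | ForEach-Object { $_.Stream }) -join ','
            }
        }
    } | Format-Table -AutoSize
```

A file under the Windows directory that shows a value in `WritableBy` is the case that matters for AppLocker, because the default path rules allow execution from that directory.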