Via a statement on its website, Lenovo is now recommending users to uninstall the Accelerator app, which the company forcibly shoved down their throats when it shipped it by default with a large number of new laptops that came preinstalled with Windows 10.
Lenovo published the advisory on May 31, on the same day that security researchers from Duo Security released ain which they decided to test the security of various driver updaters that came preinstalled on the systems of today’s top five laptop OEMs.
Lenovo Accelerator bug discovered during an industry-wide scan
Duo experts tested laptops from Acer, Asus, Dell, Hewlett-Packard (HP), and Lenovo, and they said they found them all susceptible to RCE (remote code execution) and MitM (Man-in-the-Middle) attacks.
For Lenovo, the researchers tested the Lenovo Solution Center and the Lenovo Update Agent. It appears that during their research, they also came across the Lenovo Accelerator app, an application used to speed up the launch of other Lenovo applications.
From, it looks that during Duo’s tests, its researcher, Mikhail Davidov, had discovered an issue in this application as well and contacted the company.
According to Davidov’s discovery, the Accelerator app was exposing users to MitM attacks every time it queried the Lenovo servers to check for new updates.
Lenovo decides to kill the app instead of fixing it
Instead of trying to fix it, like it did numerous times with the, Lenovo just decided to pull the plug on the entire app and is now telling all users to uninstall it altogether.
“ Lenovo recommends customers uninstall Lenovo Accelerator Application by going to the “Apps and Features” application in Windows 10, selecting Lenovo Accelerator Application and clicking on “Uninstall”. ”
Below is a list of Lenovo notebooks and desktop systems where the Lenovo Accelerator has been bundled on Windows 10 distributions.