Lenovo PCs Installed Stealthy Software During Boot Up
Samsung recently faced criticism for hijacking Windows' update process. Now Lenovo seems to have done something similar: some Lenovo PCs running Windows 7 and 8 had firmware that automatically downloaded and installed Lenovo's own update software on boot, overwriting a Windows system file. But the real threat was that the download could occur even if you wiped the system clean. So long as you were reinstalling a compatible version of Windows, those Lenovo apps would return.
Lenovo acknowledged the issue and recently released an optional patch that removes the offending code.
Lenovo Service Engine (LSE) is a utility in the BIOS that helps users download a program called OneKey Optimizer (http://support.lenovo.com/us/en/downloads/ds101321) on certain Lenovo Notebook systems. The utility also sends non-personally identifiable system data to Lenovo servers.
Lenovo, Microsoft and an independent researcher have discovered possible ways this program could be exploited by an attacker, including a buffer overflow attack and an attempted connection to a Lenovo test server.
LSE uses the Microsoft Windows Platform Binary Table (WPBT) capability. Microsoft has recently released updated security guidelines on how to best implement this feature. Lenovo’s use of LSE was not consistent with these guidelines and Lenovo recommends customers disable this utility by running a disabler program that disables LSE and removes the LSE files from the system.
LSE was shipped on certain notebook systems running Windows 7, 8 and 8.1.