Lenovo

A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework. The issue affects all variants of Lenovo machines running default Windows installations and has serious implications for enterprise security environments. Key takeaways: the MFGSTAT.zip file is writable because of incorrect permissions and can be used to bypass AppLocker, Alternate Data Streams can be used to hide executables inside it, and the vulnerability persisted from 2019 to 2025. Mitigation consists of removing the vulnerable file using PowerShell or other enterprise management tools.
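As an added example (not code from the article or from TrustedSec), the following PowerShell script audits the file for broad write permissions and hidden alternate data streams, then removes it. It assumes the file is located at %WINDIR%\MFGSTAT.zip, as the summary describes; the function names are invented for this example.

```powershell
# Added audit/remediation script; assumes the file sits directly under $env:windir.
$target = Join-Path $env:windir 'MFGSTAT.zip'

function Test-MfgstatExposure {
    param([string]$Path = $target)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false; WritableByUsers = $false; Streams = @() }
    }
    # Flag Allow ACEs granting write/modify/full control to broad principals.
    $acl   = Get-Acl -LiteralPath $Path
    $broad = 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone'
    $writable = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broad -contains $_.IdentityReference.Value -and
        ($_.FileSystemRights -match 'Write|Modify|FullControl')
    }
    # Enumerate alternate data streams; every file has the default ':$DATA' stream.
    $streams = Get-Item -LiteralPath $Path -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object -ExpandProperty Stream
    [pscustomobject]@{
        Path            = $Path
        Exists          = $true
        WritableByUsers = [bool]$writable
        WritableEntries = @($writable | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" })
        Streams         = @($streams)
    }
}

function Remove-Mfgstat {
    param([string]$Path = $target)
    if (Test-Path -LiteralPath $Path) {
        # Deleting the file removes all of its data streams along with it.
        Remove-Item -LiteralPath $Path -Force
    }
}

$report = Test-MfgstatExposure
$report | Format-List
if ($report.Exists) { Remove-Mfgstat }
```

Run it elevated so the ACL read and the deletion succeed regardless of how the file's permissions are set; the report object is what you would feed into an SCCM or Group Policy Preferences compliance check.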

Source: https://cybersecuritynews.com/writable-file-in-lenovos-windows-directory/

TPRM report: https://scoringcyber.rankiteo.com/company/lenovo

"id": "len749070725",
"linkid": "lenovo",
"type": "Vulnerability",
"date": "7/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Technology', 'name': 'Lenovo', 'type': 'Corporation'}],
 'attack_vector': 'Alternate Data Streams (ADS)',
 'date_detected': '2019',
 'description': 'A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework.',
 'impact': {'systems_affected': ['All Lenovo machines with preloaded Windows']},
 'lessons_learned': 'The importance of comprehensive filesystem auditing when implementing AppLocker deployments.',
 'post_incident_analysis': {'corrective_actions': ['Remove the vulnerable file', 'Use enterprise management tools for systematic removal'],
                            'root_causes': 'Incorrect file permissions on MFGSTAT.zip'},
 'recommendations': ['Remove the vulnerable file using PowerShell or Command Prompt',
                     'Use enterprise management tools like Group Policy Preferences or SCCM'],
 'references': [{'source': 'TrustedSec'}],
 'response': {'containment_measures': ['Remove the vulnerable file using PowerShell or Command Prompt'],
              'remediation_measures': ['Use enterprise management tools like Group Policy Preferences or SCCM']},
 'title': 'Lenovo Preloaded Windows Vulnerability',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'Writable MFGSTAT.zip file with incorrect permissions'}