Lenovo Security Advisory: LEN-11340
**Potential Impact:**Privilege Escalation
Severity: High
**Scope of Impact:**Lenovo-specific
**CVE Identifier:**CVE-2016-8235
Summary Description:
An unquoted service path vulnerability was identified in the Lenovo Customer Care Software Development Kit (CCSDK) that could allow a user with local privileges on a system to execute code with administrative privileges.
The Customer Care Software Development Kit (CCSDK) on Lenovo Desktop and Lenovo Notebook systems provides anonymous, non-personally identifiable diagnostic device data to Lenovo to help Lenovo improve both existing and future products.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update CCSDK to version 2.0.16.3 or later by opening Lenovo System Update, clicking on βGet new updatesβ and following the prompts to update to the latest version of CCSDK. Users can also manually update by following the instructions at the link here.
Steps to verify that you are running the latest version of CCSDK:
In Windows 7, open Programs and Features by clicking the Start button, clickingControl Panel, clickingPrograms, and then clickingPrograms and Features.