This Security Bulletin addresses a vulnerability in Rescue and Recovery version 4.20. This vulnerability could allow an attacker to run code with elevated privileges on the affected system. This vulnerability has been assigned a serious severity rating. It is recommended that users update to the most current version of Lenovo Rescue and Recovery available.
Systems with the following versions of Rescue and Recovery installed:
- Lenovo Rescue and Recovery 4.20.0512 Vista
- Lenovo Rescue and Recovery 4.20.0511 XP and 2000
Lenovo Rescue and Recovery on Windows
Lenovo strongly recommends upgrading to Lenovo Rescue and Recovery 4.21, available from the following site:
Lenovo would like to thank ISec Partners for reporting the vulnerability described in CVE-2006-5857 and for working with us to help protect our customers' security.
Copyright © 2008 Lenovo. All rights reserved.