Lenovo Fingerprint Manager

Lenovo Security Advisory: LEN-2015-017
Potential Impact: Privilege Escalation
Severity: Medium


Summary:

Lenovo Fingerprint Manager has a local privilege escalation vulnerability. This vulnerability cannot be remotely exploited. A local user logged in to the PC could escalate their privileges by running an executable with administrator rights.

Description:
Lenovo Fingerprint Manager software has a known issue where malicious users may invalidate local checks because of insecure and incorrect access control lists on services and files within the Lenovo Fingerprint Manager application.

 
Mitigation Strategy for Customers (what you should do to protect yourself):
There are several ways you can protect yourself.  Lenovo recommends that you take one of the following steps:
  • Starting from April 15, 2015, run Lenovo System Update and install the recommended Fingerprint Manager software update
  • Make sure you have the latest version of the software installed on your computer. The minimum version of Fingerprint Manager that corrects the problem is version 8.01.42 or later. You can find the latest version of the software at http://support.lenovo.com/downloads/ds034486.
  • Alternatively, if you are not using the Fingerprint Manager, you may uninstall this software using the following steps:
     
    1. Open Control Panel
    2. Click on "Programs"
    3. Click on "Uninstall a Program"
    4. In the list of installed programs, find "Fingerprint Manager" and then click on the "Uninstall" button

Product Impact:
The following products may be affected:
  • ThinkCentre E32
  • ThinkCentre E79
  • ThinkCentre M73, M73z
  • ThinkCentre M78
  • ThinkCentre M79
  • ThinkCentre M83
  • ThinkCentre M93, M93p, M93z
  • ThinkPad T440, T440p, T440s, T450, T450s
  • ThinkPad T540, T540p, T550
  • ThinkPad W540, W541, W550, W550s
  • ThinkPad X1 Carbon series
  • ThinkPad X240, X240s, X250
  • ThinkStation P300

To determine if you are affected, open Control Panel and go to add/remove programs. If you are running an earlier version than 8.01.42, please update to the latest version of Fingerprint Manager using the steps in the Mitigation Strategy section.
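
The same version check can be scripted for many machines. The PowerShell below is an added example, not Lenovo tooling: it reads the standard Windows uninstall registry keys, compares the installed version against 8.01.42, and lists files under the install folder that broad groups can modify. The DisplayName match and the definition of a "broad write" permission are assumptions of this example; the advisory does not list the affected paths.

```powershell
# Added example, not Lenovo tooling. Assumption: the uninstall entry's
# DisplayName contains "Fingerprint Manager", as in the Control Panel list.
$MinFixed = [version]'8.01.42'   # minimum corrected version per the advisory

function Get-FpmStatus {
    param([string]$DisplayVersion)
    $v = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$v)) { return 'Unknown' }
    if ($v -ge $MinFixed) { 'Patched' } else { 'Vulnerable' }
}

function Get-BroadWriteAce {
    # Allow ACEs that let broad groups modify a file. Treating these as the
    # "insecure" case is this example's assumption; the advisory names no paths.
    param([string]$Path)
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, Users
    $mask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids -contains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights -band $mask) -ne 0)
        }
}

# Standard per-machine uninstall keys (64-bit and 32-bit registry views).
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Fingerprint Manager*' } |
    ForEach-Object {
        $weak = @()
        $dir = $_.InstallLocation   # may be empty; the ACL review is skipped then
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            $weak = @(Get-ChildItem -LiteralPath $dir -Recurse -File -ErrorAction SilentlyContinue |
                Where-Object { Get-BroadWriteAce $_.FullName } |
                Select-Object -ExpandProperty FullName)
        }
        [pscustomobject]@{
            Name                 = $_.DisplayName
            Version              = $_.DisplayVersion
            Status               = Get-FpmStatus $_.DisplayVersion
            BroadlyWritableFiles = $weak
        }
    }
```

A Status of Vulnerable or Unknown means the machine should be updated or have the software removed as described in the Mitigation Strategy section.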

 
Acknowledgements: 
Lenovo would like to thank Jon Coller of The University of Saskatchewan for reporting this issue.
 
Other information and references:
  • CVE ID: CVE-2015-3321

Revision History:

Revision  Date        Description
1.1       05/27/2015  Updated Summary description
1.0       05/08/2015  Initial release

Alias Id: LENOVO_FPR
Document ID: PS500008
Original Publish Date: 06/17/2016
Last Modified Date: 06/20/2016