This week has been one that Lenovo would love to forget, after it was discovered that software the company was loading onto laptops opened a huge security hole in Windows. The adware, called Superfish, placed its own security certificate on your machine and intercepted encrypted traffic to inject advertisements, a technique known as a man-in-the-middle attack.
That's the bad news, and Lenovo is trying to backtrack and repair its brand image after taking a serious reputation blow from this incident. Because of the nature of what Superfish did, it is a security threat to Windows, and this is where Microsoft has stepped in.
Microsoft has pushed out an update to Windows Defender that kills Superfish. As you can see in the image at the top of this post, Windows Defender is removing the Superfish certificate and frying it like the piece of Carp that it is.
The good news is that this will help protect those who were not aware of the issue or did not know how to remove the certificate. But all is not perfect: as Filippo Valsorda notes on Twitter, the Firefox certificate remains in place.
If you have a Lenovo PC, or any PC for that matter, make sure to run Windows Defender frequently so that your machine is protected against these types of threats. While we hope that no other OEM will go down this route, with margins slim on hardware, it seems these vendors are always looking for ways to boost revenue with each device they sell, no matter the method.