Lenovo has been in the headlines since last night for all the bad reasons. It was reported that Lenovo shipped many laptops with a menace named Superfish which is a severe threat to Windows cryptographic security. The adware which came pre-installed with the laptops turned every HTTP pages into unsafe ones. The probable reason has been chalked out to be man-in-the-middle (MITM) attacks where this Superfish was found to use the Windows root key. It was still a matter of inquisition to figure out if all copies of Superfish in all machines use the same root key. Firefox has claimed to be out of danger although some discrepancies were found there also. Now the question lay if Superfish was that powerful to interfere in Firefox which does not use Windows root keys.
However, Lenovo is trying hard to win back the lost reputation but since the vulnerability has been caused via Windows root keys, Microsoft has entered into the scene and immediately launched an update in the Windows Defender, The updates version will be able to kill all potentially harmful Superfish. This is seriously a great life saving step taken by Microsoft. Lenovo incorporated these , but engineered a massive security catastrophe for its users. The use of a single certificate for all of the MITM attacks means that all HTTPS security for at least Internet Explorer, Chrome, and Safari for Windows, on all of these Lenovo laptops, is now broken.
This is to make all users who own a Lenovo laptop with Windows OS in it, update Windows Defender app and run the scan function to make sure that any Superfish adware, if exists, are killed completely.
