Lenovo Company Cyber Security Posture
lenovo.comLenovo is a US$57 billion revenue global technology powerhouse, ranked #248 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the worldโs largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (data center, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovoโs continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY). To find out more visit https://www.lenovo.com, and read about the latest news via our StoryHub at https://news.lenovo.com/. To learn more about our career opportunities, visit our careers page at http://jobs.lenovo.com/.
Lenovo Company Details
lenovo
43543 employees
1117994.0
541
IT Services and IT Consulting
lenovo.com
Scan still pending
LEN_3024493
In-progress
Lenovo Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Lenovo Global Score.png)
Lenovo Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Lenovo Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Lenovo | Vulnerability | 100 | 5 | 12/2024 | LEN001120824 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Lenovo devices running on vulnerable Insyde firmware were targeted by the BootKitty Linux UEFI bootkit exploiting the LogoFAIL flaws (CVE-2023-40238). BootKitty bypassed UEFI Secure Boot by injecting rogue certificates and exploiting vulnerabilities in UEFI image-parsing components through tampered BMP files. The bootkit was capable of disabling kernel signature verification, preloading malicious binaries, and targeting specific Ubuntu versions. Despite available security patches, many devices remained at risk. The incident served as a reminder of the dangers associated with unaddressed vulnerabilities and the importance of timely updates to safeguard devices in the field. | |||||||
| Lenovo | Vulnerability | 25 | 1 | 7/2025 | LEN749070725 | Link | |
Rankiteo Explanation : Attack without any consequencesDescription: A significant security vulnerability has been discovered in Lenovoโs preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoftโs AppLocker security framework. The issue affects all variants of Lenovo machines running default Windows installations and poses serious implications for enterprise security environments. Key takeaways include the writable MFGSTAT.zip file bypassing AppLocker security due to incorrect permissions, the use of Alternate Data Streams to hide executables, and the persistence of the vulnerability from 2019 to 2025. Mitigation strategies involve removing the vulnerable file using PowerShell or other enterprise management tools. | |||||||
Lenovo Company Subsidiaries
Lenovo is a US$57 billion revenue global technology powerhouse, ranked #248 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the worldโs largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (data center, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovoโs continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY). To find out more visit https://www.lenovo.com, and read about the latest news via our StoryHub at https://news.lenovo.com/. To learn more about our career opportunities, visit our careers page at http://jobs.lenovo.com/.
Access Data Using Our API
Get company history
Rapid.png)
Lenovo Cyber Security News
Lenovo recognized for excellence in cyber protection by 2025 Fortress Cybersecurity Awards
Lenovo trusted solutions and expert leadership earn industry honors for safeguarding data, devices, and supply chains.
Writable File in Lenovo Path Lets Attackers Evade AppLocker Restrictions
A security researcher has uncovered a significant vulnerability affecting Lenovo computers: a writable file within the Windows directoryย ...
Lenovo and Intel Collaborate on ThinkShield Build Assure to Enhance Supply Chain Cyber Security
Lenovo oversees the security of suppliers who build intelligent components, making sure they conform to rigorous guidelines and best practices.
Reality check: Lenovoโs enterprise predictions for 2025 under the microscope
The latest data reveals that AI investment in Australia and New Zealand (ANZ) has increased fourfold over the year, outpacing the Asia-Pacificย ...
Considering the Convergence of Cybersecurity and AI
While business leaders and consumers have growing concerns over new security threats empowered by AI, cybersecurity professionals are eagerย ...
Lenovo anounced new Lenovo ThinkShield Solutions offering
Lenovo announced the introduction of ThinkShield Solutions, security offerings tailored to protect small and medium sized business (SMBs), schools, and otherย ...
Is Lenovo a blind spot in US anti-China security measures?
Lenovo is apparently trusted, while other Chinese companies are not, but nobody in a position to know why seems to want to talk about it.
SentinelOne, Lenovo Ink Collaboration to Integrate AI-Powered Security into Millions of Devices
By working with market leaders like Lenovo, we can rapidly scale AI-powered security to millions of PCs and servers across the globe. It's an opportunity forย ...
Lenovo Aims to Strengthen Laptop Security Amid Rising Cyber Threats
Discover how Lenovo is enhancing laptop security measures in response to increasing cyber threats to protect users and their dataย ...
Lenovo Similar Companies
Zebra Technologies
Zebra (NASDAQ: ZBRA) helps organizations monitor, anticipate, and accelerate workflows by empowering their frontline and ensuring that everyone and everything is visible, connected and fully optimized. Our award-winning portfolio spans software to innovations in robotics, machine vision, automation
Matrix
Matrix is the leading technology services company with 12,000 employees worldwide. Since its foundation in 2001, Matrix has made more than 100 mergers and acquisitions and has executed some of the largest IT projects in Israel. The company specializes in the implementation and development of leading
Peraton
Do the can't be done. At Peraton, we're at the forefront of delivering the next big thing every day. We're the partner of choice to help solve some of the world's most daunting challenges, delivering bold, new solutions to keep people around the world safer and more secure. How do we do it? By thi
Accenture Brasil
A Accenture โยฉ uma empresa lโโ der global de serviโรos profissionais que ajuda grandes companhias, governos e outras organizaโรโยตes a construir sua essโโขncia digital, otimizar suas operaโรโยตes, acelerar o crescimento das receitas e aprimorar serviโรos ao cidadโยฃo โรรฌ criando valor tangโโ vel com veloc
CDW
At CDW, we know how to make technology work so people can do great things. Our experts bring a full-stack, full-lifestyle approach with custom solutions, services and relationships to bring your vision to life. Through decades of experience, scale, and deep industry expertise, we deliver the full
Zensar Technologies
Zensar stands out as a premier technology consulting and services company, embracing an โexperience-led everythingโ philosophy. We are creators, thinkers, and problem solvers passionate about designing digital experiences that are engineered into scale-ready products, services, and solutions to deli
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Lenovo CyberSecurity History Information
How many cyber incidents has Lenovo faced?
Total Incidents: According to Rankiteo, Lenovo has faced 2 incidents in the past.
What types of cybersecurity incidents have occurred at Lenovo?
Incident Types: The types of cybersecurity incidents that have occurred incidents Vulnerability.
How does Lenovo detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through containment measures with Remove the vulnerable file using PowerShell or Command Prompt and remediation measures with Use enterprise management tools like Group Policy Preferences or SCCM.
Incident Details
Can you provide details on each incident?
Incident : Vulnerability Exploitation
Title: Lenovo Preloaded Windows Vulnerability
Description: A significant security vulnerability has been discovered in Lenovoโs preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoftโs AppLocker security framework.
Date Detected: 2019
Type: Vulnerability Exploitation
Attack Vector: Alternate Data Streams (ADS)
Vulnerability Exploited: Writable MFGSTAT.zip file with incorrect permissions
Incident : UEFI Bootkit
Title: Lenovo Devices Targeted by BootKitty Linux UEFI Bootkit
Description: Lenovo devices running on vulnerable Insyde firmware were targeted by the BootKitty Linux UEFI bootkit exploiting the LogoFAIL flaws (CVE-2023-40238). BootKitty bypassed UEFI Secure Boot by injecting rogue certificates and exploiting vulnerabilities in UEFI image-parsing components through tampered BMP files. The bootkit was capable of disabling kernel signature verification, preloading malicious binaries, and targeting specific Ubuntu versions. Despite available security patches, many devices remained at risk. The incident served as a reminder of the dangers associated with unaddressed vulnerabilities and the importance of timely updates to safeguard devices in the field.
Type: UEFI Bootkit
Attack Vector: UEFI Secure Boot Bypass
Vulnerability Exploited: LogoFAIL flaws (CVE-2023-40238)
Threat Actor: BootKitty
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
Impact of the Incidents
What was the impact of each incident?
Incident : Vulnerability Exploitation LEN749070725
Systems Affected: All Lenovo machines with preloaded Windows
Incident : UEFI Bootkit LEN001120824
Systems Affected: Lenovo devices
Which entities were affected by each incident?
Response to the Incidents
What measures were taken in response to each incident?
Incident : Vulnerability Exploitation LEN749070725
Containment Measures: Remove the vulnerable file using PowerShell or Command Prompt
Remediation Measures: Use enterprise management tools like Group Policy Preferences or SCCM
Data Breach Information
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Use enterprise management tools like Group Policy Preferences or SCCM.
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through was Remove the vulnerable file using PowerShell or Command Prompt.
Lessons Learned and Recommendations
What lessons were learned from each incident?
Incident : Vulnerability Exploitation LEN749070725
Lessons Learned: The importance of comprehensive filesystem auditing when implementing AppLocker deployments.
Incident : UEFI Bootkit LEN001120824
Lessons Learned: The incident served as a reminder of the dangers associated with unaddressed vulnerabilities and the importance of timely updates to safeguard devices in the field.
What recommendations were made to prevent future incidents?
Incident : Vulnerability Exploitation LEN749070725
Recommendations: Remove the vulnerable file using PowerShell or Command Prompt, Use enterprise management tools like Group Policy Preferences or SCCM
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lessons learned from past incidents are The importance of comprehensive filesystem auditing when implementing AppLocker deployments.The incident served as a reminder of the dangers associated with unaddressed vulnerabilities and the importance of timely updates to safeguard devices in the field.
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Remove the vulnerable file using PowerShell or Command Prompt, Use enterprise management tools like Group Policy Preferences or SCCM.
References
Where can I find more information about each incident?
Incident : Vulnerability Exploitation LEN749070725
Source: TrustedSec
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: TrustedSec.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?
Incident : Vulnerability Exploitation LEN749070725
Root Causes: Incorrect file permissions on MFGSTAT.zip
Corrective Actions: Remove the vulnerable file, Use enterprise management tools for systematic removal
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Remove the vulnerable file, Use enterprise management tools for systematic removal.
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was an BootKitty.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2019.
Impact of the Incidents
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was All Lenovo machines with preloaded Windows and Lenovo devices.
Response to the Incidents
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Remove the vulnerable file using PowerShell or Command Prompt.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was The importance of comprehensive filesystem auditing when implementing AppLocker deployments., The incident served as a reminder of the dangers associated with unaddressed vulnerabilities and the importance of timely updates to safeguard devices in the field.
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Remove the vulnerable file using PowerShell or Command Prompt, Use enterprise management tools like Group Policy Preferences or SCCM.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident is TrustedSec.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
