Dear Students and Colleagues,
Last Friday, Lenovo announced and published an advisory warning consumers that software known as SuperFish had been included on certain consumer-grade computers shipped by Lenovo between September 2014 and February 2015. SuperFish delivers advertising to users while web browsing and has also been found to present a security risk. In response to consumer feedback, Lenovo has discontinued the practice and provided a removal tool for users of affected Lenovo products. The United States Computer Emergency Readiness Team (US-CERT) has also published an advisory.
Lenovo computers purchased by UT for university use or computers recommended to students through the laptop program are NOT affected and none have included SuperFish. SuperFish was distributed with Lenovo’s consumer-grade line of notebook computers only and was not shipped with any of the enterprise-grade ThinkPad line of computers that Drew provides. If you have purchased a Lenovo laptop for yourself or your department has purchased Lenovo products outside of normal channels, we recommend that you consult Lenovo’s advisory to see if your computer is affected and follow the provided instructions for removing the SuperFish software.
For more information on the Lenovo SuperFish vulnerability, please see the following sites:
The New York Times - news article
eWeek - news article
Sophos Naked Security - detailed explanation of the security vulnerability
Lenovo - open letter to customers from Lenovo’s Chief Technology Officer
Please don’t hesitate to contact us with any questions or concerns.