Solved: Lenovo System Update vulnerability - 5.7.0.136?

tjw_sysadm · ‎Jun 09, 2022

A security advisory for older versions of Lenovo System Update is being detected for devices in my network.

Flexera's associated security advisory recommends updating to the following version (or newer):

5.07.0106

The latest available update I've installed, from Lenovo, is detected by Flexera SVM as:

5.7.0.136

Lenovo's website, shows the latest version as:

5.07.0136 (Windows also reports this installed version number)

This is the latest version available. However, due to the version numbering , it seems like SVM is picking up the latest version of system update as an older revision?

raslam · ‎Jun 10, 2022

Thanks for reporting this, it seems like the vendor messed up with product versioning metadata and therefore SVM is flagging the latest version as insecure. Please open a ticket with Flexera SVM support via your Flexera Support community portal and our file signature team will look into this and will get back to you.

View solution in original post

raslam · ‎Jun 10, 2022

Thanks for reporting this, it seems like the vendor messed up with product versioning metadata and therefore SVM is flagging the latest version as insecure. Please open a ticket with Flexera SVM support via your Flexera Support community portal and our file signature team will look into this and will get back to you.

tjw_sysadm · ‎Jun 10, 2022

OK, will do. Thanks!