Security problems made Lenovo need to update one of the tools preloaded on its PCs for the third time in less than six months.
The company put out a new tool last week that aids users in ensuring their computers' drivers and BIOS are updated.
IOActive researchers found two local privilege escalation vulnerabilities, which are now fixed.
One vulnerability let limited Windows accounts users to begin an instance of Internet Explorer and have administrative privileges by clicking on help page URLs
"From there, an unprivileged attacker has many ways to exploit the web browser instance running under Administrator privileges to elevate his or her own privileges to Administrator or SYSTEM," according to Sofiane Talmat, an IOActive security researcher.
As for the second, "It is possible for an attacker to regenerate the same username based on the time the account was created," Talmat added.
Lenovo already issued two other security fixes this year, in July and October.