Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle malicious users to execute arbitrary code.
lenovo updates -