But security researchers have found a way to raise the privileges of the software, which could let an attacker gain access to the whole system, according to a soon-to-be-released blog post by security firm Trustwave.
In other words, a hacker can run malware at a system-wide level -- even if the app doesn't appear to be running.
The good news is that Lenovo quickly patched the software after details of the vulnerability were privately disclosed.
The computer giant rolled out the new software last week, which will automatically ask users to install it when they next open the software.
The software, often called "bloatware," comes installed as standard on ThinkPads, ThinkPad tablets, ThinkCentre and ThinkStation, IdeaCentre and some IdeaPads, running Windows 7 and later.
But this often-unwanted software -- also known as "crapware" -- remains a major issue in PC and mobile circles, particularly because it's known to put system security at risk.
Case in point, it's the third problem that Lenovo has been forced to address in relation to using preinstalled software in the past two years.
The flaw similarly would have allowed an attacker to run malware at the system level, regardless of what kind of user is logged in. A user would have to be tricked into opening a specially crafted web page, such as through a drive-by download or a link in an email.