Researchers have found that Lenovo's Superfish bug can easily give way to attackers looking to breach the systems using the security flaws opened up by the software.
Hence the company is offering customers a tool to help them remove pre-installed software that experts warned was a security risk.
According to the Verge, Superfish is present on Lenovo laptops sold between September 2014 and January 2015, although Lenovo says no Thinkpads were shipped with the software.
Researchers have reportedly found and published a password that can turn a security flaw into an active carrier of attack.
Errata Security's Robert David Graham said in a post that the password was stored in the Superfish software's active memory and was trivial to extract, the report added.