Superfish is an Adware application pre-installed on some Lenovo devices that leaves users vulnerable to man-in-the-middle attacks through the presence of a non-standard root certificate with a compromised private key. Removal of this certificate is recommended to mitigate its potential use for MITM attacks.
- Open the MMC (Start > Run > mmc).
- Go to File > Add / Remove Snap In
- Double Click Certificates
- Select Computer Account.
- Select Local Computer > Finish
- Click OK to exit the Snap-In window.
- Click [+] next to Certificates > Trusted Root Certification Authorities > Certificates
- Locate and select the Superfish Certificate.
- Right Click and select Delete
- Click OK to confirm removal of the root certificate.