Microsoft's Windows 8.x and Windows 10 operating systems contain a feature that lets PC OEMs embed a Windows executable in the system firmware. The executable runs automatically at boot and can be used to inject software into a Windows machine even after the disk has been wiped or reformatted, because it lives in firmware rather than on disk.
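The firmware mechanism behind this is the Windows Platform Binary Table (WPBT), an ACPI table that hands Windows an executable which Session Manager extracts and runs at boot. The PowerShell script below is an added example for checking a machine from the defender's side; it is not code from the original post, from Lenovo or from Microsoft. It assumes only documented kernel32 behaviour (GetSystemFirmwareTable with the 'ACPI' provider signature 0x41435049, the table ID passed in memory byte order) and the extraction path `%SystemRoot%\System32\wpbbin.exe`; the offset of the embedded-binary size field (36, immediately after the 36-byte ACPI header) follows Microsoft's WPBT specification as I understand it, so treat that one field as an assumption.

```powershell
# Added example (not from the original post): report whether this firmware publishes a
# WPBT table and, if so, inspect the binary Windows extracted from it.
$fw = Add-Type -Namespace WpbtCheck -Name Native -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern uint GetSystemFirmwareTable(uint Provider, uint TableId, IntPtr Buffer, uint Size);
'@

$ACPI = 0x41435049                      # provider signature 'ACPI' (value from the kernel32 docs)
# ACPI table IDs are passed as a DWORD whose bytes spell the ID in memory order ("WPBT" -> W,P,B,T)
$WPBT = [BitConverter]::ToUInt32([Text.Encoding]::ASCII.GetBytes('WPBT'), 0)

function Get-WpbtTable {
    # First call with a zero-length buffer returns the size needed, or 0 when no such table exists
    $size = $fw::GetSystemFirmwareTable($ACPI, $WPBT, [IntPtr]::Zero, 0)
    if ($size -eq 0) { return $null }
    $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal([int]$size)
    try {
        $got   = $fw::GetSystemFirmwareTable($ACPI, $WPBT, $buf, $size)
        $bytes = New-Object byte[] ([int]$got)
        [Runtime.InteropServices.Marshal]::Copy($buf, $bytes, 0, [int]$got)
    } finally {
        [Runtime.InteropServices.Marshal]::FreeHGlobal($buf)
    }
    return $bytes
}

function Test-Wpbt {
    $result = [ordered]@{ WpbtPresent = $false }
    $t = Get-WpbtTable
    if ($t) {
        $result.WpbtPresent = $true
        # Standard 36-byte ACPI header: OEM ID at offset 10 (6 bytes), OEM Table ID at 16 (8 bytes)
        $result.OemId        = [Text.Encoding]::ASCII.GetString($t, 10, 6).Trim()
        $result.OemTableId   = [Text.Encoding]::ASCII.GetString($t, 16, 8).Trim()
        # Assumption: the UINT32 right after the header is the size of the embedded binary
        if ($t.Length -ge 40) { $result.EmbeddedBinarySize = [BitConverter]::ToUInt32($t, 36) }
    }
    # Session Manager writes the handed-off binary here before running it
    $bin = Join-Path $env:SystemRoot 'System32\wpbbin.exe'
    $result.ExtractedBinaryPath   = $bin
    $result.ExtractedBinaryExists = Test-Path $bin
    if ($result.ExtractedBinaryExists) {
        $sig = Get-AuthenticodeSignature -FilePath $bin
        $result.SignatureStatus = $sig.Status
        $result.Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        $result.FileHashSHA256  = (Get-FileHash -Path $bin -Algorithm SHA256).Hash
    }
    return [pscustomobject]$result
}

Test-Wpbt | Format-List
```

On a machine with no WPBT the output shows `WpbtPresent : False` and no `wpbbin.exe`; on an affected machine it names the OEM that published the table and lets you record the hash and Authenticode signer of the binary that was injected, which is the artifact to compare against a clean install of the same model.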
The feature is intended for anti-theft software, but unfortunately it seems Lenovo abused it to preinstall its "Lenovo Service Engine" (LSE) bloatware onto some of its desktop and laptop systems. To make things worse, the preinstalled Lenovo software appeared to be insecure, with security researchers discovering buffer overflow issues and the use of insecure network connections. Fortunately, Lenovo reportedly stopped including LSE on new systems built since June.
Full details at Ars Technica.
Lenovo's own description of what the software did differs depending on whether the affected system is a desktop or a laptop. On desktops, the company claims that the software only sends some basic information (the system model, region, date, and a system ID) to a Lenovo server. This doesn't include any personally identifying information, but the system ID should be unique to each device. Lenovo says that this is a one-time operation and that the information gets sent only on a machine's first connection to the Internet.
For laptops, however, the software does rather more. LSE on laptops installs the OneKey Optimizer (OKO) software that Lenovo bundles on many of its machines. OneKey Optimizer arguably falls into the "crapware" category. While OKO does do some somewhat useful system maintenance—it can update drivers, for example—it also offers to perform performance "optimizations" and cleaning "system junk files," which both seem to be of dubious value.