A serious security flaw in Lenovo's Solution Center support tool has been discovered which would allow an attacker to execute code with system privileges, allowing access to the whole system. The LSC software is found on millions of Lenovo products, so if you have a Lenovo notebook, tablet or PC it is advisable to check you are running the latest version (3.3.002) for which this latest vulnerability has been patched.

FROM ZDNET:

The affected Lenovo Security Center software allows users to see the overall health of their device, from hardware and software status, network connections, and installed security features.

But security researchers have found a way to raise the privileges of the software, which could let an attacker gain access to the whole system, according to a soon-to-be-released blog post by security firm Trustwave.

In other words, a hacker can run malware at a system-wide level -- even if the app doesn't appear to be running.

The good news is that Lenovo quickly patched the software after details of the vulnerability were privately disclosed.

The computer giant rolled out the new software last week, which will automatically ask users to install when they next open the software.

Lenovo was also caught up in the "Superfish" adware scandal last year. The company later promised to stop bundling preinstalled bloatware on the computers and devices it sells.

LENOVO PRODUCT SECURITY ADVISORY AVAILABLE HERE: https://support.lenovo.com/gb/en/product_security/len_4326

Lenovo under the spotlight again for vulnerability in pre-installed software