Lenovo under the spotlight again for vulnerability in pre-installed software

by morbias on: 05/07/2016 11:36 AM | source: | 5 comment(s)

A serious security flaw in Lenovo's Solution Center support tool has been discovered which would allow an attacker to execute code with system privileges, allowing access to the whole system. The LSC software is found on millions of Lenovo products, so if you have a Lenovo notebook, tablet or PC it is advisable to check you are running the latest version (3.3.002) for which this latest vulnerability has been patched.

FROM ZDNET:

The affected Lenovo Security Center software allows users to see the overall health of their device, from hardware and software status, network connections, and installed security features.

But security researchers have found a way to raise the privileges of the software, which could let an attacker gain access to the whole system, according to a soon-to-be-released blog post by security firm Trustwave.

In other words, a hacker can run malware at a system-wide level -- even if the app doesn't appear to be running.

The good news is that Lenovo quickly patched the software after details of the vulnerability were privately disclosed.

The computer giant rolled out the new software last week, which will automatically ask users to install when they next open the software.

Lenovo was also caught up in the "Superfish" adware scandal last year. The company later promised to stop bundling preinstalled bloatware on the computers and devices it sells.

LENOVO PRODUCT SECURITY ADVISORY AVAILABLE HERE: https://support.lenovo.com/gb/en/product_security/len_4326

Related Stories

Lenovo updates innovative X1 portfolio - 01/04/2016 10:00 AM
Designed for forward thinkers, the series includes new additions such as the brilliantly adaptable ThinkPad X1 Tablet with its unique modular design; the immersive ThinkPad X1 Yoga with world's fir...

Lenovo unveils the ThinkPad 10 tablet - 06/01/2015 02:27 AM
Lenovo has announced their new ThinkPad 10 tablet at the Lenovo Tech World event in Beijing, aimed squarely at business users....

Lenovo updates YOGA series ultra slim convertible PC - 01/06/2015 09:36 AM
Lenovo today announced its new lineup of YOGA convertibles and tablets with new technologies that take flexibility and interactivity to a new level. The family includes the thin and light YOGA 3 in 11...

icedman
Senior Member

Posts: 1071
Joined: 2013-02-22

#5268699 Posted on: 05/07/2016 01:13 PM

I can't believe anyone still buys anything from this brand they should be out of business

CronoGraal
Senior Member

Posts: 4186
Joined: 2006-10-11

#5268721 Posted on: 05/07/2016 01:45 PM

I can't believe anyone still buys anything from this brand they should be out of business

their laptops are competitively priced

Corrupt^
Senior Member

Posts: 7018
Joined: 2005-12-02

#5268725 Posted on: 05/07/2016 01:50 PM

Fox2232
Senior Member

Posts: 11529
Joined: 2012-07-20

#5268782 Posted on: 05/07/2016 03:46 PM

Extraordinary
Senior Member

Posts: 19503
Joined: 2010-04-21

#5268787 Posted on: 05/07/2016 03:53 PM

But tbh, considering the amount of bloat you get on pretty much all laptops these days, the first action anyone with half a clue should do is a clean install of Windows.

And then u install the drivers and nothing more (except your own usual programs of course).

Got my laptop about 7 years back, was a single core 2GB RAM HP running Vista Basic, powered it up for the first time, and about 15 mins later it was still completely unusable due to the amount of bloat and crapware pre-installed

Wiped it, put a pre-release Win 7 on it, perfect, 100x better

Still going strong today, 10 Pro, with an upgraded DualCore CPU, only thing wrong with it is the main enter key stopped working a few months back, and the battery is dead

Actually, the battery was dismantled, dead cells thrown, good cells charged and used in a torch (18650 cells)

Post New Comment

Click here to post a comment for this news story on the message forum.