Pre-installed software in Lenovo, Toshiba and Dell has severe vulnerabilities

Now a days every company ships their PCs and Laptops with pre-installed software. Sometimes you can remove this software which is often called bloatware, but otherwise you are helpless. And if the support software shipped with the PC/laptop is riddled with flaws, you are left to the mercy of hackers. According to a hacker, pre-installed software on Lenovo/Dell and Toshiba PCs/laptops is just ripe for exploitation, and a vulnerability has been released into the world well in advance of the fix.

The hacker who goes by the handle of slipstream and RoL and writes for LizardHQ, discovered severe vulnerabilities in the Lenovo Solution Center, Toshiba Service Station and Dell System Detect, all of which are support software for respective PCs/laptops.

According to slipstream, Lenovo Solution Center has the most serious of the vulnerabilities and if exploited, would allow a potential hacker take over the Lenovo PC/laptop by making the owner visit a specially crafted website.

Slipstream has released a proof-of-concept exploit for the vulnerabilities in PCs/laptops manufactured by the 3 manufacturers and CERT Coordination Center at Carnegie Mellon University subsequently published security advisory.

The three security flaws reside in:

?    Dell System Detect (DSD) versions 6.12.0.1 and earlier

?    Lenovo’s Solution Center versions 3.1.004 and earlier

?    Toshiba Service Station versions 2.6.14 and earlier

Lenovo vulnerability :

The Lenovo Solution Center is a pre-installed app on Lenovo laptops that enables users to check the health of their system and network connections. Potential hackers can run malicious code and escalate their privileges to SYSTEM level using a bug in the Lenovo Solution Center. However this exploit works only when the victim has Lenovo Solution Center is open in his PC/laptop.

Lenovo has advised PC/laptop owners to uninstall the Lenovo Solution Center till the time their engineers investigate the vulnerability and come up with a patch.

Dell vulnerability

Dell System Detect is a Windows application pre-installed on all Dell PCs and tablets, provided to customers as a way to simplify the process of contacting Dell’s support. This very same service was also where a redittor found the now infamous eDellRoot rogue CA.

According to slipstream this app starts an HTTP daemon on ports 8883, 8884, 8885, and 8886, for an internal API. This API can be abused to allow attackers to bypass the Windows User Account Control limitations. “Not even uninstallation of Dell System Detect will prevent exploitation of these issues; it runs from %APPDATA% so malware could easily drop it on your system to exploit this issue,” says slipstream/RoL.

Dell has still not commented on the issue however, slipstream has recommended uninstalling Dell System Detect and then blacklisting the DellSystemDetect.exe from being executed.

Toshiba vulnerability

Though Toshiba is not so popular as its above counterparts, many buyers have Toshiba PCs/laptops. In Toshiba PCs/laptops, the Toshiba Service Station application which the company provides to allow users to search and install software for their specific brand of computer is riddled with flaws.

According to slipstream, a potential hacker could exploit the vulnerabilities in this software to lower privileges on the machine to read parts of the Windows registry as SYSTEM-level users.

As with the Lenovo issue, uninstalling the Toshiba Service Station removes any danger of exploitation.

 

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here