Flaw in Lenovo Solution Centre allows hackers to take over you PC/laptop

New security vulnerability found in Lenovo Solution Centre software

Lenovo Solution Centre (LSC) software has a critical vulnerability that allows attackers with local network access to a PC to execute arbitrary code, said researchers at Trustwave SpiderLabs. Once a malicious attacker has access to local network, they can use the software to uplift their privileges and then trick LSC into running the arbitrary code in the local system context when starting up its service.

LSC comes preloaded on nearly all Lenovo business and consumer desktops and laptop PCs. The software acts as a dashboard monitoring system health and security from battery life, driver updates and firewall status.

A fix for the vulnerability was released by Lenovo and can be downloaded by visiting the software’s page on their website. This is the second time the computer maker has had to patch LSC โ€“ the first being December 2015.

โ€œIn keeping with industry best practices, Lenovo moved rapidly to ready a fix and on April 26 it updated its security advisory disclosing this additional vulnerability and the availability of a fix that addressed it,โ€ a Lenovo spokesperson told Threatpost.

โ€œThis is a pretty bad vulnerability, but it does require an existing user to be logged in in order to pull off any attack,โ€ Sigler said in an email interview with Threatpost. He said the attack canโ€™t be exploited remotely. โ€œFor a malicious insider or for an attacker that already has a foothold in the network, this vulnerability could be used to make that foothold a full gateway to your network,โ€ he said.

This is not the first time it has faced problems with its pre-installed software that has security flaws. Last year, the company faced a lawsuit after it pre-installed the SuperFish โ€œman-in-the-middleโ€ adware on a number of its consumer-based PCs, which could steal personal data. The company admitted to making a mistake and distributed fixes that removed applications and certificates based on SuperFish from purchased Lenovo solutions. Uninstall instructions were also provided.

Subscribe to our newsletter

To be updated with all the latest news

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post