Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message

New Security Flaw Found in Lenovo Solution Center Software

General Questions, Rumors, Real news & More
Post Reply
Message
Author
hhhd1
Senior Member
Senior Member
Posts: 500
Joined: Mon Nov 17, 2014 7:23 pm
Location: Cairo, Egypt

New Security Flaw Found in Lenovo Solution Center Software

#1 Post by hhhd1 » Sun May 08, 2016 6:54 pm

https://threatpost.com/new-security-fla ... re/117896/

This probably affects many Thinkpad and consumer laptops from Lenovo
A new vulnerability has been discovered in Lenovo’s much-maligned Lenovo Solution Center (LSC) software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code, said researchers at Trustwave SpiderLabs.

The flaw allows an attacker to elevate privileges and is tied to the LSC application’s backend. It opens the door for a malicious attacker to start the LSC service and trick it in to executing arbitrary code in the local system context, said Karl Sigler, a SpiderLabs researcher at Trustwave.

LSC comes preloaded on nearly all Lenovo business and consumer desktops and laptop PCs. The software acts as a dashboard monitoring system health and security – from battery life, driver updates and firewall status. Lenovo has issued a fix for the security flaw last week. This is the second time the computer maker has had to patch LSC – the first being December 2015.

“In keeping with industry best practices, Lenovo moved rapidly to ready a fix and on April 26 it updated its security advisory disclosing this additional vulnerability and the availability of a fix that addressed it,” a Lenovo spokesperson told Threatpost. “This is a pretty bad vulnerability, but it does require an existing user to be logged in in order to pull off any attack,” Sigler said in an email interview with Threatpost. He said the attack can’t be exploited remotely. “For a malicious insider or for an attacker that already has a foothold in the network, this vulnerability could be used to make that foothold a full gateway to your network,” he said.
the rest of the article in the link above
===

rkawakami
Admin
Admin
Posts: 10135
Joined: Sun Jun 04, 2006 1:26 am
Location: San Jose, CA 95120 USA
Contact:

Re: New Security Flaw Found in Lenovo Solution Center Software

#2 Post by rkawakami » Fri Jun 24, 2016 4:13 pm

It appears that another flaw has been found in Lenovo Solution Center (LSC):

https://support.lenovo.com/us/en/produc ... y/len_7814
Ray Kawakami
X22 X24 X31 X41 X41T X60 X60s X61 X61s X200 X200s X300 X301 Z60m Z61t Z61p 560 560Z 600 600E 600X T21 T22 T23 T41 T60p T410 T420 T520 W500 W520 R50 A21p A22p A31 A31p
NOTE: All links to PC-Doctor software hosted by me are dead. Files removed 8/28/12 by manufacturer's demand.

RealBlackStuff
Admin Emeritus
Admin Emeritus
Posts: 20014
Joined: Mon Sep 18, 2006 5:17 am
Location: Dublin, Ireland
Contact:

Re: New Security Flaw Found in Lenovo Solution Center Software

#3 Post by RealBlackStuff » Sat Jun 25, 2016 6:47 am

Yet another piece of Lenovo bloatware/gloatware/floatware (read crapware) to NOT EVER install (or immediately UNinstall).
Apart from that, who needs it?

Puppy
Senior ThinkPadder
Senior ThinkPadder
Posts: 2692
Joined: Sat Oct 30, 2004 4:52 am
Location: Prague, Czech Republic

Re: New Security Flaw Found in Lenovo Solution Center Software

#4 Post by Puppy » Sat Jun 25, 2016 8:23 am

It is also funny how many false reports it provides, especially in P series. There is still at least one big permanent security flaw in that software - Adobe Air (= local out of browser Flash) dependency.
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8
Huawei MateBook 13

shawross
Senior Member
Senior Member
Posts: 536
Joined: Mon Oct 28, 2013 5:48 am
Location: Perth Aus / Thailand

Re: New Security Flaw Found in Lenovo Solution Center Software

#5 Post by shawross » Sun Jun 26, 2016 3:23 am

Software development is not Lenovo's strong suit and isn't that alarming.
Active --- Love the X series
X301 SU9400 IDA Mod - W 7 / X201 540M - W 7 / X220 2520 - W7

Nostalgia
X61 T7500 / T41 T42 T43 / A31

Rogue daily driver - Samsung RV511 15.6 " Screen - W 7

Kilkenny
Freshman Member
Posts: 67
Joined: Sat May 16, 2015 2:46 pm
Location: New Brunswick, NJ

Re: New Security Flaw Found in Lenovo Solution Center Software

#6 Post by Kilkenny » Sun Jun 26, 2016 8:34 am

Puppy wrote:It is also funny how many false reports it provides, especially in P series. There is still at least one big permanent security flaw in that software - Adobe Air (= local out of browser Flash) dependency.
Figures. Everything from Adobe is a steaming turdpile of devastating vulnerabilities. All Adobe products should just be flagged as malware.
T23, T42, T43p, T60, X201, and T420 all running OpenBSD

Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “GENERAL ThinkPad News/Comments & Questions”

Who is online

Users browsing this forum: No registered users and 4 guests