General Questions, Rumors, Real news & More
- Senior Member
- Posts: 500
- Joined: Mon Nov 17, 2014 7:23 pm
- Location: Cairo, Egypt
https://threatpost.com/new-security-fla ... re/117896/
This probably affects many Thinkpad and consumer laptops from Lenovo
A new vulnerability has been discovered in Lenovo’s much-maligned Lenovo Solution Center (LSC) software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code, said researchers at Trustwave SpiderLabs.
The flaw allows an attacker to elevate privileges and is tied to the LSC application’s backend. It opens the door for a malicious attacker to start the LSC service and trick it in to executing arbitrary code in the local system context, said Karl Sigler, a SpiderLabs researcher at Trustwave.
LSC comes preloaded on nearly all Lenovo business and consumer desktops and laptop PCs. The software acts as a dashboard monitoring system health and security – from battery life, driver updates and firewall status. Lenovo has issued a fix for the security flaw last week. This is the second time the computer maker has had to patch LSC – the first being December 2015.
“In keeping with industry best practices, Lenovo moved rapidly to ready a fix and on April 26 it updated its security advisory disclosing this additional vulnerability and the availability of a fix that addressed it,” a Lenovo spokesperson told Threatpost. “This is a pretty bad vulnerability, but it does require an existing user to be logged in in order to pull off any attack,” Sigler said in an email interview with Threatpost. He said the attack can’t be exploited remotely. “For a malicious insider or for an attacker that already has a foothold in the network, this vulnerability could be used to make that foothold a full gateway to your network,” he said.
the rest of the article in the link above
- Posts: 10137
- Joined: Sun Jun 04, 2006 1:26 am
- Location: San Jose, CA 95120 USA
It appears that another flaw has been found in Lenovo Solution Center (LSC):
https://support.lenovo.com/us/en/produc ... y/len_7814
X22 X24 X31 X41 X41T X60 X60s X61 X61s X200 X200s X300 X301 Z60m Z61t Z61p 560 560Z 600 600E 600X T21 T22 T23 T41 T60p T410 T420 T520 W500 W520 R50 A21p A22p A31 A31p
NOTE: All links to PC-Doctor software hosted by me are dead. Files removed 8/28/12 by manufacturer's demand.
- Admin Emeritus
- Posts: 21185
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Dublin, Éire
Yet another piece of Lenovo bloatware/gloatware/floatware (read crapware) to NOT EVER install (or immediately UNinstall).
Apart from that, who needs it?
- Senior ThinkPadder
- Posts: 2798
- Joined: Sat Oct 30, 2004 4:52 am
- Location: Prague, Czech Republic
It is also funny how many false reports it provides, especially in P series. There is still at least one big permanent security flaw in that software - Adobe Air (= local out of browser Flash) dependency.
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8
Huawei MateBook 13
- Senior Member
- Posts: 550
- Joined: Mon Oct 28, 2013 5:48 am
- Location: Perth Aus / Thailand
Software development is not Lenovo's strong suit and isn't that alarming.
Active --- Love the X series
X301 W 7/Mint | X201 540M L Mint | X220 2520 W7/Mint
X61 T7500 / T41 T42 T43 / A31
Rogue daily driver - Samsung RV511 15.6 " Screen - W 7
- Freshman Member
- Posts: 67
- Joined: Sat May 16, 2015 2:46 pm
- Location: New Brunswick, NJ
Puppy wrote:It is also funny how many false reports it provides, especially in P series. There is still at least one big permanent security flaw in that software - Adobe Air (= local out of browser Flash) dependency.
Figures. Everything from Adobe is a steaming turdpile of devastating vulnerabilities. All Adobe products should just be flagged as malware.
T23, T42, T43p, T60, X201, and T420 all running OpenBSD
- 0 Replies
- 750 Views
Last post by w0qj
Mon May 11, 2020 1:53 pm
- 24 Replies
- 4573 Views
Last post by Vanythe
Sat Feb 22, 2020 11:28 am
- 11 Replies
- 203 Views
Last post by MikalE
Wed Jul 08, 2020 9:19 am
- 2 Replies
- 1542 Views
Last post by BigCatAndy
Mon Mar 23, 2020 4:00 pm
Who is online
Users browsing this forum: No registered users and 19 guests