
Pre-installed Lenovo Bloatware Causing More Security Problems


Jasper_The_Rasper
Moderator
By Ryan Naraine on May 06, 2016

Lenovo's problems with pre-installed bloatware causing major security problems for computer users aren’t going away anytime soon.

On the heels of the Superfish embarrassment earlier this year, the Chinese computer manufacturer is warning that multiple vulnerabilities in the "Lenovo Solution Center" could expose millions of users to malicious hacker attacks.

The most serious of the four vulnerabilities, reported by Trustwave's SpiderLabs, could "allow a remote attacker or local user to execute arbitrary code with SYSTEM privileges," Lenovo warned in an advisory.

The vulnerabilities carry a high-severity rating.

Full Article

Edit: This may have been fixed, please see - Lenovo patches serious flaw in pre-installed support tool

3 replies

Ssherjj
Moderator
  • Moderator
  • 21950 replies
  • May 6, 2016
Thanks for the update on this Jasper. I will have to check my Lenovo laptop and see what version I do have. But the laptop is 8 years old anyways without an issue concerning this. Knock on wood. LOLs

Baldrick
Gold VIP
  • Gold VIP
  • 16060 replies
  • May 7, 2016
All of this is a bit worrying, even though this may be fixed, and one would really expect better from a major manufacturer of IT hardware. I am wondering if it has anything to do with the fact that they are a Chinese manufacturer? Unfortunately it would appear that the provision of 'addons' seems to be somewhat prolific (when compared to the rest of the world) in relation to items manufactured over there. :(

By Mihăiță Bamburic
 


 
This past year hasn't been kind to Lenovo. The company has had quite a few security problems on its hands, most affecting its Windows software. The PC maker has issued patch after patch to address them, but it now looks like the saga is far from over.
A security researcher has uncovered a new vulnerability in the Lenovo Solution Center software, which comes preloaded on the company's desktops and laptops to help users monitor things like battery life and driver updates.
"The flaw allows an attacker to elevate privileges and is tied to the LSC application’s backend. It opens the door for a malicious attacker to start the LSC service and trick it into executing arbitrary code in the local system context", says Karl Sigler, who is responsible for finding this flaw.
 
full article here:
