Lenovo patches serious flaw in pre-installed support tool

Discussion in 'Off-Topic' started by Sefie, May 7, 2016.

  1. Sefie

    Sefie

    Joined:
    Jan 15, 2014
    Messages:
    947
    Likes Received:
    183
    Lenovo has fixed a vulnerability in its Lenovo Solution Center support tool that could allow attackers to execute code with system privileges and take over computers.

    The Lenovo Solution Center (LSC) is an application that comes pre-installed on many Lenovo laptops and desktops. It allows users to check their system’s virus and firewall status, update their software, perform backups, check battery health, get registration and warranty information and run hardware tests.

    The tool has two components: a graphical user interface and a service called LSCTaskService that runs in the background at all times even if the user interface is not started.

    The Lenovo Solution Center version 3.3.002, released on April 25, contains a fix for a local privilege escalation vulnerability reported by a security researcher from Trustwave. The flaw could allow a local Windows user, or an attacker who compromises a local user, to execute malicious code with system privileges and take control of the whole OS.

    http://www.pcworld.com/article/3067...rious-flaw-in-pre-installed-support-tool.html
     
    Sefie, May 7, 2016
    #1
    IBMPC8088 likes this.
Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.