Lenovo Solution Center new update fixes severe security risks

Reading time icon 3 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

The Lenovo Solution Center (LSC) software has always been a problem and it doesn’t appear if the issues will end any time soon: a new vulnerability has been located in the software that can cause security risks.

The vulnerability could allow attackers with local network access to a user’s computer to execute what is known as arbitrary code, according to researchers from Trustwave SpiderLabs. Attackers can use the flaw to elevate certain privileges that are tied to LSC’s backend. This then open the door for hackers to trick LSC into running arbitrary code directly into the local system, according to Karl Sigler, a SpiderLabs researcher at Trustwave.

This could become a major issue for Lenovo seeing as its LSC software is installed on almost every one of its modern computers. The software acts as a dashboard for monitoring system health among other things, so no doubt it will be used by many not aware of the faults.

“By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document [such as] a web page or an HTML email message or attachment, an attacker may be able to execute arbitrary code with SYSTEM privileges,” explained a note from the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University.

What we are seeing here is the latest flaw in a long list of others that occurred in the past year. It has become custom for one to view LSC software as a security risk similar to that of Java and Flash. If Lenovo fails to rectify the issue, it will likely hurt the company’s bottom line in the future. Lenovo is one of the top PC makers, a title that can go away at any given moment if changes are not put into place.

Luckily, Lenovo released a fix to end the risk of attack from outside sources. It can be downloaded right here from the company’s official website. Bear in mind that only folks using Windows 7, Windows 8, Windows 8.1 and Windows 10 will be eligible to grab the update seeing as LSC is not available for other platforms.

Recently, the company had to release updates to improve its companion apps for Windows 10 in hopes that its many users would stop leaving terrible ratings.

RELATED STORIES YOU NEED TO CHECK OUT:

More about the topics: lenovo

User forum

0 messages