Lenovo Solution Center new update fixes severe security risks

John White By: John White
2 minute read

Home » News » Lenovo Solution Center new update fixes severe security risks

The Lenovo Solution Center (LSC) software has always been a problem and it doesn’t appear if the issues will end any time soon: a new vulnerability has been located in the software that can cause security risks.

The vulnerability could allow attackers with local network access to a user’s computer to execute what is known as arbitrary code, according to researchers from Trustwave SpiderLabs. Attackers can use the flaw to elevate certain privileges that are tied to LSC’s backend. This then open the door for hackers to trick LSC into running arbitrary code directly into the local system, according to Karl Sigler, a SpiderLabs researcher at Trustwave.

This could become a major issue for Lenovo seeing as its LSC software is installed on almost every one of its modern computers. The software acts as a dashboard for monitoring system health among other things, so no doubt it will be used by many not aware of the faults.

“By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document [such as] a web page or an HTML email message or attachment, an attacker may be able to execute arbitrary code with SYSTEM privileges,” explained a note from the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University.

What we are seeing here is the latest flaw in a long list of others that occurred in the past year. It has become custom for one to view LSC software as a security risk similar to that of Java and Flash. If Lenovo fails to rectify the issue, it will likely hurt the company’s bottom line in the future. Lenovo is one of the top PC makers, a title that can go away at any given moment if changes are not put into place.

Luckily, Lenovo released a fix to end the risk of attack from outside sources. It can be downloaded right here from the company’s official website. Bear in mind that only folks using Windows 7, Windows 8, Windows 8.1 and Windows 10 will be eligible to grab the update seeing as LSC is not available for other platforms.

Recently, the company had to release updates to improve its companion apps for Windows 10 in hopes that its many users would stop leaving terrible ratings.

RELATED STORIES YOU NEED TO CHECK OUT:

Discussions

Next up

Windows Update Error 0x800f0982 on Windows 10 [TECHNICIAN FIX]

Matthew Adams By: Matthew Adams
3 minute read

Windows users have posted on forums about an update error that occurs when they try to download and install 2019 KB4494441, KB4489899, andKB4482887 updates. The […]

Continue Reading

Maybe you shouldn’t install Windows 10 May Update, after all

Irfa Batool avatar. By: Irfa Batool
2 minute read

Microsoft started rolling out the Windows 10 May 2019 Update a few days ago adding a long list of new features and improvements to the […]

Continue Reading

Magic Mouse 2’s scrolling not working in Windows 10 [EXPERT FIX]

Matthew Adams By: Matthew Adams
3 minute read

Magic Mouse is an Apple mouse that users can also utilize within Windows 10. However, some users have stated in forums that Magic Mouse scrolling […]

Continue Reading