Lenovo Solution Center new update fixes severe security risks

By: Vamien McKalin
2 minute read

The Lenovo Solution Center (LSC) software has always been a problem and it doesn’t appear if the issues will end any time soon: a new vulnerability has been located in the software that can cause security risks.

The vulnerability could allow attackers with local network access to a user’s computer to execute what is known as arbitrary code, according to researchers from Trustwave SpiderLabs. Attackers can use the flaw to elevate certain privileges that are tied to LSC’s backend. This then open the door for hackers to trick LSC into running arbitrary code directly into the local system, according to Karl Sigler, a SpiderLabs researcher at Trustwave.

This could become a major issue for Lenovo seeing as its LSC software is installed on almost every one of its modern computers. The software acts as a dashboard for monitoring system health among other things, so no doubt it will be used by many not aware of the faults.

“By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document [such as] a web page or an HTML email message or attachment, an attacker may be able to execute arbitrary code with SYSTEM privileges,” explained a note from the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University.

What we are seeing here is the latest flaw in a long list of others that occurred in the past year. It has become custom for one to view LSC software as a security risk similar to that of Java and Flash. If Lenovo fails to rectify the issue, it will likely hurt the company’s bottom line in the future. Lenovo is one of the top PC makers, a title that can go away at any given moment if changes are not put into place.

Luckily, Lenovo released a fix to end the risk of attack from outside sources. It can be downloaded right here from the company’s official website. Bear in mind that only folks using Windows 7, Windows 8, Windows 8.1 and Windows 10 will be eligible to grab the update seeing as LSC is not available for other platforms.

Recently, the company had to release updates to improve its companion apps for Windows 10 in hopes that its many users would stop leaving terrible ratings.

RELATED STORIES YOU NEED TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading

Discussions