Lenovo Solution Centre puts almost every Lenovo PC at risk from attackers

8 May 2016
Comments Comments Off on Lenovo Solution Centre puts almost every Lenovo PC at risk from attackers
8 May 2016, Comments Comments Off on Lenovo Solution Centre puts almost every Lenovo PC at risk from attackers

Lenovo Solution Centre puts almost every Lenovo PC at risk from attackers

lenovo-logo-02

Lenovo is once again in the thick of it over its software that comes pre-installed on most Lenovo PCs. This time its Lenovo Solution Centre (LSC) software has been found to have a vulnerability that would allow anyone with local network access to the PC to execute arbitrary code. Once an attacker has local network access, they can use the software to elevate their privileges and then trick LSC into running the arbitrary code when starting up its service.

The software’s intended purpose is to monitor the overall health of the PC. It monitors the battery, firewall and checks for driver updates. It comes pre-installed on the majority of Lenovo PCs, including desktop and laptop, for both businesses and consumers.

A fix for the vulnerability was released by Lenovo and can be downloaded by visiting the software’s page on their website. A statement from a spokesperson for Lenovo said:

In keeping with industry best practices, Lenovo moved rapidly to ready a fix and on April 26 it updated its security advisory disclosing this additional vulnerability and the availability of a fix that addressed it

Regardless of any fixes Lenovo has released, this issue continues to crop up time-and-time-again; pre-installed software having security flaws. If you think back to last year, you’ll remember the Superfish debacle, in which the company pre-loaded adware on its customers systems, which could steal personal data. It isn’t just Lenovo, though. Dell has had its time in the limelight too. Its pre-installed software caused a stir over the potential for SSL attacks, after it pre-loaded an SSL certificate on its machines.

[Source: Neowin]

What next?

To find out more about how our Managed Workstations and Managed IT Security could audit your network, and automatically upgrade or uninstall Lenovo Solution Centre, please contact us today or call 01793 295000 to speak to a member of our team.

 

Comments are closed.

Bitnami