Lenovo has fixed a vulnerability in its Lenovo Solution Center support tool that could allow attackers to execute code with system privileges and take over computers.
The Lenovo Solution Center (LSC) is an application that comes pre-installed on many Lenovo laptops and desktops. It allows users to check their system’s virus and firewall status, update their software, perform backups, check battery health, get registration and warranty information and run hardware tests.
The tool has two components: a graphical user interface and a service called LSCTaskService that runs in the background at all times, even if the user interface is not started.
The Latest Intelligence page has been refreshed through April 2016, providing the most up-to-date analysis of cybersecurity threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. Here are some key takeaways from this latest batch of intelligence.
The Nuclear toolkit jumped to the top of web attack toolkits in April, comprising 42 percent of all web attacks. This toolkit has proved popular with ransomware peddlers who use it to spread their wares. The Spartan toolkit, which has topped the list of web attack toolkits for the last few months, dropped out of the top five this month. The Angler toolkit remained in second place, while RIG moved up into the top five this month.
A new vulnerability has been discovered in Lenovo’s much-maligned Lenovo Solution Center (LSC) software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code, said researchers at Trustwave SpiderLabs.
The flaw allows an attacker to elevate privileges and is tied to the LSC application’s backend. It opens the door for a malicious attacker to start the LSC service and trick it into executing arbitrary code in the local system context, said Karl Sigler, a SpiderLabs researcher at Trustwave.
LSC comes preloaded on nearly all Lenovo business and consumer desktop and laptop PCs. The software acts as a dashboard monitoring system health and security, including battery life, driver updates and firewall status. Lenovo issued a fix for the security flaw last week. This is the second time the computer maker has had to patch LSC, the first being in December 2015.