Security Alerts & News
by Tymoteusz A. Góral

History
#714 New security flaw found in Lenovo Solution Center software
A new vulnerability has been discovered in Lenovo’s much-maligned Lenovo Solution Center (LSC) software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code, said researchers at Trustwave SpiderLabs.

The flaw allows an attacker to elevate privileges and is tied to the LSC application’s backend. It opens the door for a malicious attacker to start the LSC service and trick it in to executing arbitrary code in the local system context, said Karl Sigler, a SpiderLabs researcher at Trustwave.

LSC comes preloaded on nearly all Lenovo business and consumer desktops and laptop PCs. The software acts as a dashboard monitoring system health and security – from battery life, driver updates and firewall status. Lenovo has issued a fix for the security flaw last week. This is the second time the computer maker has had to patch LSC – the first being December 2015.
Read more
#716 Lenovo patches serious flaw in pre-installed support tool
#715 Symantec: Latest Intelligence for April 2016
#714 New security flaw found in Lenovo Solution Center software
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12