Lenovo Solution Center new update fixes severe security risks

3 min. read

Published onMay 11, 2016

published onMay 11, 2016

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

The Lenovo Solution Center (LSC) software has always been a problem and it doesn’t appear if the issues will end any time soon: a new vulnerability has been located in the software that can cause security risks.

The vulnerability could allow attackers with local network access to a user’s computer to execute what is known as arbitrary code, according to researchers fromTrustwave SpiderLabs. Attackers can use the flaw to elevate certain privileges that are tied to LSC’s backend. This then open the door for hackers to trick LSC into running arbitrary code directly into the local system, according to Karl Sigler, a SpiderLabs researcher at Trustwave.

This could become a major issue for Lenovo seeing as its LSC software is installed on almost every one of its modern computers. The software acts as a dashboard for monitoring system health among other things, so no doubt it will be used by many not aware of the faults.

“By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document [such as] a web page or an HTML email message or attachment, an attacker may be able to execute arbitrary code with SYSTEM privileges,”explaineda note from the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University.

What we are seeing here is the latest flaw in a long list of others that occurred in the past year. It has become custom for one to view LSC software as a security risk similar to that of Java and Flash. If Lenovo fails to rectify the issue, it will likely hurt the company’s bottom line in the future. Lenovo is one of the top PC makers, a title that can go away at any given moment if changes are not put into place.

Luckily, Lenovo released a fix to end the risk of attack from outside sources. It can be downloaded rightherefrom the company’s official website. Bear in mind that only folks using Windows 7, Windows 8, Windows 8.1 and Windows 10 will be eligible to grab the update seeing as LSC is not available for other platforms.

Recently, the company had to release updates to improve itscompanion appsfor Windows 10 in hopes that its many users would stop leaving terrible ratings.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Lenovo Solution Center new update fixes severe security risks#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Lenovo Solution Center new update fixes severe security risks