Lenovo crapware opens up your PC to hackers

Posted on Monday, Aug 26 2019 @ 09:53 CEST by Thomas De Maesschalck
Lenovo
The Register reports security researchers discovered an elevation or privilege vulnerability in the Lenovo Solution Centre (LSC), a tool that's been pre-installed on most Lenovo computers since 2011. All versions of the tool are vulnerable and users are advised to uninstall Lenovo Solution Centre.
"The bug itself is a DACL (discretionary access control list) overwrite, which means that a high-privileged Lenovo process indiscriminately overwrites the privileges of a file that a low-privileged user is able to control," PTP explained. "In this scenario, a low-privileged user can write a 'hardlink' file to the controllable location – a pseudofile which really points to any other file on the system that the low-privileged user doesn't have control of."


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments