Three different vulnerabilities were discovered (and published directly as a PoC) in pre-installed software on Dell, Lenovo and Toshiba machines (computers and tablets), affecting millions of users.
A proof-of-concept (PoC) demonstrates that the vulnerabilities allow an attacker to run malware at system level, no matter what type of user is logged on.
According to the researcher who wrote the PoC, a user can be lured into opening a specially crafted website to download a file, which can also arrive as an e-mail attachment. These files allow an attacker to exploit the flaw.
The security researcher, slipstream / RoL, published his findings without informing any of the three companies: Dell, Lenovo and Toshiba.
All three vulnerabilities discovered by the researcher (they are listed in the Carnegie Mellon University, or CERT, database) are found in pre-installed software often known as "bloatware."
The Lenovo Solution Center is an application designed to give the user a quick overview of the "health", security and network status of the system, and it comes pre-installed on a number of products. These include ThinkPads, ThinkCentres and ThinkStations, IdeaCentres, and some IdeaPads, running Windows 7 or later.
On Toshiba systems, a security vulnerability was also discovered in the pre-installed Toshiba Service Station, which delivers software updates, among other things.
According to the researcher slipstream / RoL, the application allows a logged-in user to read parts of the registry as a system user, which has higher privileges than a standard user account. The researcher reported that an attacker cannot read the Security Account Manager (SAM) or the bootkeys, but that it is possible to "override special rights from the registry."
On Dell systems, two vulnerabilities were found by the same security researcher.
The pre-installed Dell System Detect, which checks a user's system for any problems before contacting the support department, can be used to bypass a Windows security feature that elevates a user's rights.
These security flaws come just one week after complaints about Dell's use of a pre-installed security certificate that allows an attacker to intercept traffic and conduct man-in-the-middle attacks.
It should be noted that the above security flaws affect millions of systems, owing to these companies' increased sales.
As for bloatware, also known as crapware, it is still a major issue for the security of any system that carries it. Lenovo, which was previously "caught" using Superfish adware, has promised to stop bundling pre-installed bloatware on its computers.