Researchers have discovered a serious security issue in software installed on nearly every Lenovo notebook, tablet and PC, potentially affecting millions users.
The software with the security gap is Lenovo Solution Center. This software allows users to see the overall status of their device (hardware, software status, network connections) but also to install security features.
But it seems the researchers have discovered a way for local privilege escalation that allows an attacker to gain elevated privileges access in the system.
This of course allows him to execute unlimited code on the machine. Depending on the level of intruder's skill level, it can very easily make the user's device want, according to the Trustwave security firm.
In other words, a hacker can run malicious software at administrator and system level, even if the application does not seem to be running.
The good news is that Lenovo quickly repaired the software when the vulnerability was revealed.
The company released the update last week, and those who open the Lenovo Solution Center will be asked to install it automatically.
But here we have to say two words about this software.
Η διαδικτυακή κοινότητα αποκαλεί αυτού του είδους το λογισμικό “bloatware,” και υπάρχει προεγκατεστημένο στα ThinkPads, The ThinkPad tablets, στα ThinkCenter αλλά και στα ThinkStation, IdeaCenter και μερικά IdeaPads, που τρέχουν με Windows 7 ή και νεότερο operating system.
This frequently-unwanted software is also known as "crapware" and is still a major issue on PCs or mobile devices, mainly because it is known to compromise the security of installed systems.
Let's also mention that this is not the first time that security experts discover problems with Lenovo devices. In February of 2015, researchers found that Lenovo had installed a root certificate on its laptops.
The "Superfish" scandal caused a sensation in the security community.
Read Caution! Lenovo come with adware and root certificate
The company later promised to stop installing bloatware on computers and devices it markets.