Researchers have discovered a serious security issue in software that is installed in almost every Lenovo notebook, tablet and PC, and potentially affects millions of users.
The software with the security gap is Lenovo Solution Center. This software allows users to see the overall status of their device, (hardware, software status, connections network) but also install security features.
But as it seems the researchers discovered a way for local privilege escalation that allows an attacker to gain elevated access rights to the system.
This of course allows it to execute code without restrictions on machine. Depending on the skill level of the attacker, they can very easily make the user's device do whatever they want, according to security firm Trustwave.
Με άλλα λόγια, ένας hacker μπορεί να τρέξει κακόβουλο λογισμικό σε επίπεδο διαχειριστή, και συστήματος, ακόμη και αν η εφαρμογή δεν φαίνεται να είναι σε mode.
The good news is that Lenovo quickly repaired the software when the vulnerability was revealed.
The company released the update last week, and those who open the Lenovo Solution Center will be asked to install it automatically.
But here we have to say two words about this software.
The online community calls this type of software "bloatware," and it is pre-installed on ThinkPads, ThinkPad tablets, ThinkCenter and ThinkStation, IdeaCenter and some IdeaPads running Windows 7 or later.
This often-unwanted software is also known as “crapware” and is still a major issue on PC or mobile devices, mainly because it is known to compromise the security of the systems it is installed on.
Let's also mention that this is not the first time that security experts discover problems with Lenovo devices. In February of 2015, researchers found that Lenovo had installed a root certificate on its laptops.
The "Superfish" scandal caused a sensation in the security community.
Read Caution! Lenovo come with adware and root certificate
The company later promised to stop installing bloatware on computers and devices it markets.