Researchers have discovered a serious security issue in software that is installed in almost every Lenovo notebook, tablet and PC, and potentially affects millions of users.
The software with the security gap is Lenovo Solution Center. This software allows users to see the overall status of their device, (hardware, software status, network connections) and also install security features.
But it seems the researchers have discovered a way for local privilege escalation that allows an attacker to gain elevated privileges accesss in the system.
This of course allows him to execute unlimited code on the machine. Depending on the level of intruder's skill level, it can very easily make the user's device want, according to the Trustwave security firm.
In other words, a hacker can run malicious software at administrator and system level, even if the application does not seem to be running.
The good news is that Lenovo quickly repaired the software when the vulnerability was revealed.
The company released the information last week, and those who open the Lenovo Solution Center will be prompted to install it automatically.
But here we have to say two words about this software.
The online community calls this type of software "bloatware," and it is pre-installed on ThinkPads, ThinkPad tablets, ThinkCenter and ThinkStation, IdeaCenter and some IdeaPads running Windows 7 or later.
This frequently-unwanted software is also known as "crapware" and is still a major issue on PCs or mobile devices, mainly because it is known to compromise the security of installed systems.
We should also mention that, it is not the first time that security experts have discovered problems on Lenovo devices. In February 2015, researchers found that Lenovo had installed a root certificate on its laptops.
Το σκάνδαλο “Superfish” προκάλεσε αίσθηση στην κοινότητα ασφαλείας.
Read Caution! Lenovo come with adware and root certificate
The company later promised to stop installing bloatware on computers and devices it markets.