A renowned information security company Trustwave Holdings provided a glance about some security related update related to many of the Lenovo laptop. According to the company they have discovered a number of vulnerabilities in the software or Lenovo solution center. The Lenovo solution center program comes pre-installed in most of the Lenovo computers. The company reported that vulnerabilities in the particular Lenovo software can allow the common users to run the arbitrary code with the privilege of highest system level. Usually in other PC the administrator have only the right to get access on the full system, but occurrence of the problem allows some other user who is not an administrator to run the account on the system in order to hack it. Company later also described that how this issue can become dangerous for users and helpful for the cyber criminals. However the exploits were only found in the version 2.8.006 of Lenovo solution software but slowly it has affected all the version of the software prior to 3.3.0002.
How hackers can get access in the system using this vulnerability
As mentioned earlier hackers can easily exploit your Lenovo PC by taking advantage of this issue. Hackers can easily open the command prompt in order to launch the Lenovo solution software and they can launch the diagnostics help and system health application through the control panel of the system. After that the hackers can put a particular URL in the web browser and makes the device manager to run as a local system rather than non-administrative user. Now with the device manager which is loaded by the hackers using the specific URL they can install some driver which can use to execute the code whatever they wanted in the kernel or user mode. But the security company is claiming that to exploit the kernel mode drivers should must be signed by the administrator whereas for the user mode driver can be run as a Local service account. The report continues that to execute the code the hackers should mus create a duplicate driver along with an INF file that interact with a malicious file which is known as DLL stored on the hard disk. The report also said that hackers simply make use of the “Add legacy hardware” option in the Device Manager and then they select “Install the hardware that I manually select from a list (Advanced),” after that they click on the option “Show All Devices,” and at last “Have Disk”. After that the hackers use to locate the INF file in order to agree them to install non-verified driver software.
More about Lenovo solution center :- https://support.lenovo.com/in/en/lenovodiagnosticsolutions/tools/lscoverview
The report further says that Lenovo was contacted by the security company regarding the Lenovo solution center after that Lenovo have to release a warning page in which it explains about the situation of the error and it also explained that how hackers can invade the vulnerable computer remotely to fulfill their malicious intention. In addition the company also explains that Lenovo Solution Center may not be running actively on the screen of the PC but the vulnerable background service will continue to run. According to the warning current status if the user visit any malicious site when the LSC background service is running then the system is vulnerable even the user interface of LSC is not been used by users. If we see the release history of Lenovo then the 3.3.002 is the latest version of the Lenovo solution center software. Users are also provided with the function to update this software by clicking on update button.
However Lenovo installs this software on most of the PC’s. The software work as a hub that monitors health, security and battery health of the PC which is joint by numbers of other software. This is not the first incident when Lenovo has experienced issues with its pre-installed softwares. We have already discuss that how the company faced the trouble due to the SuperFish adware on a large number of its PC after which it also provide the solution to remove it. The company has also admitted about the mistakes done by it but it is also true that it provide fixes too.
Get more here :- https://support.lenovo.com/in/en/product_security/len_4326