Security Vulnerabilities Found in PC Support Software
- By Sydny Shepard
- Dec 07, 2015
It has been a rough couple of months for PCs. The number of vulnerabilities discovered in technical support applications installed by manufactures keeps piling up. The newest? An anonymous hacker has published flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.
The most serious flaws appear to be in Lenovo Solution Center. The software can be used to monitor the system’s health and security. Three vulnerabilities in the application allow an attacker to remotely execute random code with administrator rights. The attack can be performed by tricking the user into visiting or opening a specifically prepared webpage with malicious code when Solution Center is active.
The flaws prompted the CERT Coordination Center at Carnegie Mellon University to publish a security advisory.
Currently, Lenovo is aware of the problem but does not yet have an update to fix it. For now, the company is asking users to uninstall the Lenovo Solution Center application using the add/remove programs function.
About the Author
Sydny Shepard is the Executive Editor of Campus Security & Life Safety.