Security Vulnerabilities Found in PC Support Software

Security Vulnerabilities Found in PC Support Software

It has been a rough couple of months for PCs. The number of vulnerabilities discovered in technical support applications installed by manufactures keeps piling up. The newest? An anonymous hacker has published flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.

The most serious flaws appear to be in Lenovo Solution Center. The software can be used to monitor the system’s health and security. Three vulnerabilities in the application allow an attacker to remotely execute random code with administrator rights. The attack can be performed by tricking the user into visiting or opening a specifically prepared webpage with malicious code when Solution Center is active.

The flaws prompted the CERT Coordination Center at Carnegie Mellon University to publish a security advisory.

Currently, Lenovo is aware of the problem but does not yet have an update to fix it. For now, the company is asking users to uninstall the Lenovo Solution Center application using the add/remove programs function.  

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

New Products

  • Cover image for IDP ProCare

    IDP ProCare™ Premium Support Program

    Minimize downtime and secure uninterrupted credential production with priority technical support, overnight advanced unit replacements, and proactive system health reviews.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • NAPCO product image

    StarLink Fire Max2 Dual Cell/IP Communicator

    Streamline commercial fire compliance with dual-carrier cellular connectivity, a dedicated FACP data path, and dual-layer electronic inspection verification.