CHINA TOPIX

12/22/2024 01:31:55 pm

Make CT Your Homepage

Lenovo Update Fixes Two High-Risk Security Flaws

Lenovo

(Photo : Reuters) Chinese tech company Lenovo recently rolled out a patch in order to fix two high-severity vulnerabilities in its Lenovo Solution Center support tool.

Chinese tech company Lenovo recently rolled out a patch in order to fix two high-severity vulnerabilities in its Lenovo Solution Center support tool. The tool is preinstalled on many laptops and desktop computers manufactured by Lenovo, which is why the company considered it as a high priority update.

Like Us on Facebook

Lenovo said that the patch will fix the flaw that allows hackers to remotely control a computer and terminate antivirus programs running on it in order to avoid detection. The Lenovo Solution Center is a nifty tool that allows users to easily check the status of their computer's firewall, antivirus programs, as well as update their Lenovo software, perform backups, run hardware tests, acquire registration and warranty details, and check battery information.

The two vulnerabilities on Lenovo's support tool were tracked as CVE-2016-5248 and CVE-2016-5249 and were posted on the Common Vulnerabilities and Exposures database. The two flaws were first discovered by security researchers working for Trustwave.

Moreover, the vulnerabilities affect Lenovo Solution Center version 3.3.002 and earlier.

The CVE-2016-5249 allows hackers who already have control of a limited account running on a desktop computer to execute malicious codes through the LocalSystem account, which requires a higher privilege permission.

The other vulnerability, CVE-2016-5248, allows any local user to send a command to the LSC Services system, which can be used to terminate other processes running on the system, regardless of permission privilege. Security researchers found out that the target process could cover any running application, but hackers tend to target antivirus programs and security applications most of the time in order to avoid detection.

These two recently discovered flaws were not the first to be discovered in the Lenovo Solution Center. However, over the years, Lenovo has been consistently on time in patching these vulnerabilities before they can be exploited by malicious users.

The Lenovo Solution Center was even praised by many security analysts for being one of the most secure update tools that is preinstalled on computers.

Real Time Analytics