Lenovo High-Severity Bug Found in Pre-Installed Software
#1
Exclamation 
Quote:Another flaw has been found in Lenovo’s decommissioned Lenovo Solution Centre software, preinstalled on millions of older-model PCs made by the world’s leading computer maker. The vulnerability is a privilege escalation flaw that can be used to execute arbitrary code on a targeted system, giving an adversary Administrator or SYSTEM-level privileges.
 
Research come from Pen Test Partners, who found the flaw (CVE-2019-6177) and said the vulnerability is tied to its much-maligned Lenovo Solution Center (LSC) software.
 
“The bug itself is a DACL (discretionary access control list) overwrite, which means that a high-privileged Lenovo process indiscriminately overwrites the privileges of a file that a low-privileged user is able to control,” wrote researchers at Pen Test Partners in a technical description of the bug posted Thursday.

Lenovo issued a security bulletin regarding this bug and recommended users upgrade to a similar utility called Lenovo Vantage.

Read more here: https://threatpost.com/bug-found-in-pre-...re/147657/
[-] The following 2 users say Thank You to silversurfer for this post:
  • harlan4096, ismail
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Internet Download Manager 6.32 Build 9
Internet Download ...Kool — 13:05
Chrome for Android Adds Back Button in V...
Google has added a...harlan4096 — 12:35
Microsoft Edge 150.0.4078.65
Version 150.0.4078...harlan4096 — 12:34
Waterfox 6.6.16.1
Waterfox 6.6.16.1 ...harlan4096 — 12:03
Vivaldi 8.1 Build 4087.48
Vivaldi 8.1 Build ...harlan4096 — 12:02

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (39)boineDon
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>