{"id":902,"date":"2016-06-26T20:16:36","date_gmt":"2016-06-26T18:16:36","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=902"},"modified":"2024-10-03T00:16:34","modified_gmt":"2024-10-02T22:16:34","slug":"new-lenovo-solution-center-v-3-3-003-fixes-2-security-holes","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2016\/06\/26\/new-lenovo-solution-center-v-3-3-003-fixes-2-security-holes\/","title":{"rendered":"New Lenovo Solution Center V 3.3.003 fixes 2 security holes"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>Lenovo has released a new version 3.3.003 of Lenovo Solution Center, because prior versions come with two critical vulnerabilities. Here are a few hints on how to handle the new security disaster.<\/p>\n<p><!--more--><\/p>\n<h3>Lenovo Solution Center: Bloatware as a security risk<\/h3>\n<p>According to Lenovo (<a href=\"https:\/\/web.archive.org\/web\/20161224031453\/https:\/\/support.lenovo.com\/us\/en\/documents\/pd022501\" target=\"_blank\" rel=\"noopener\">see<\/a>), the Lenovo Solution Center (LSC) is a new software application created by Lenovo for Think products that helps users get the most out of their PC experience.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/web.archive.org\/web\/20150429020128\/http:\/\/support.lenovo.com\/de\/de\/documents\/~\/media\/Images\/ContentImages\/l\/lsc1.ashx\" alt=\"\" \/>(Source: Lenovo)<\/p>\n<p>The new software allows users to quickly identify the status of system health, network connections and overall system security. 
Here are the features provided by LSC:<\/p>\n<ul>\n<li>Intuitive dashboard interface that is easy to navigate<\/li>\n<li>Pre-installed (and available for download) on new Lenovo 64-bit and 32-bit Windows 8 and 7 systems<\/li>\n<li>Full certification with \"Certified for Windows 7\" logo program<\/li>\n<li>Windows Taskbar notification if something needs attention<\/li>\n<li>Automatic notification of application updates<\/li>\n<li>Keep the computer running at peak performance<\/li>\n<li>Diagnose hardware problems<\/li>\n<li>See historical system performance and changes<\/li>\n<li>One-click access to Lenovo Support<\/li>\n<li>Access all Lenovo software from one place<\/li>\n<\/ul>\n<p>The vendor writes: Lenovo Solution Center (LSC) is pre-installed on Lenovo computers with Windows 8 and Windows 7, but the software is also downloadable for Windows 10 systems (64-bit and 32-bit).<\/p>\n<p>Unfortunately, LSC is known as a permanent security risk on Lenovo computers (see my article <a href=\"https:\/\/web.archive.org\/web\/20160519004959\/http:\/\/borncity.com:80\/win\/2016\/05\/07\/lenovo-solution-center-vulnerable-again\/\">Lenovo Solution Center vulnerable again<\/a> from May 2016).<\/p>\n<h3>Version 3.3.003 fixes two vulnerabilities<\/h3>\n<p>Lenovo has published a security advisory addressing two vulnerabilities, <a href=\"https:\/\/support.lenovo.com\/de\/de\/solutions\/len_7814\" target=\"_blank\" rel=\"noopener\">CVE-2016-5248<\/a> and CVE-2016-5249. 
Both high-severity vulnerabilities allow privilege escalation from unprivileged user accounts to LocalSystem.<\/p>\n<blockquote><p>Local privilege escalation vulnerabilities were identified in Lenovo Solution Center where unprivileged local users could terminate processes running at higher privilege levels (CVE-2016-5248) or execute arbitrary code (CVE-2016-5249) with LocalSystem account privileges.<\/p><\/blockquote>\n<p>According <a href=\"https:\/\/web.archive.org\/web\/20170203195532\/http:\/\/www.pcworld.com\/article\/3088545\/security\/lenovo-patches-two-high-severity-flaws-in-pc-support-tool.html\" target=\"_blank\" rel=\"noopener\">to PCWorld<\/a>, the flaws could allow attackers to execute malicious code with system privileges and to kill other processes. This can be used to compromise a Windows system.<\/p>\n<p>All Lenovo Solution Center installs up to version 3.3.002 are affected; Lenovo <a href=\"https:\/\/web.archive.org\/web\/20240809212218\/https:\/\/support.lenovo.com\/ro\/en\/product_security\/len_7814\" target=\"_blank\" rel=\"noopener\">advises users<\/a> to upgrade to LSC version 3.3.003. This can be done by:<\/p>\n<ul>\n<li>Updating via Lenovo Solution Center<\/li>\n<li>Updating via the Lenovo System Update utility<\/li>\n<li>Updating via direct <a href=\"https:\/\/support.lenovo.com\/lenovodiagnosticsolutions\/downloads\" target=\"_blank\" rel=\"noopener\">download<\/a><\/li>\n<\/ul>\n<p>My recommendation is to uninstall Lenovo Solution Center via Control Panel \u2013 Uninstall programs. Side note: A reader of my German article has informed me that LSC also requires parts of Adobe AIR (also a security nightmare). 
So, after uninstalling LSC you should also dump Adobe AIR.<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/web.archive.org\/web\/20160519004959\/http:\/\/borncity.com:80\/win\/2016\/05\/07\/lenovo-solution-center-vulnerable-again\/\">Lenovo Solution Center vulnerable again<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2015\/11\/11\/optional-windows-update-kb3107998-removes-lenovo-usb-blocker-tool\/\">Optional Windows update KB3107998 removes Lenovo USB Blocker tool<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2015\/02\/19\/lenovo-ships-superfish-adware-preinstalled-on-systems\/\">Lenovo ships Superfish adware preinstalled on systems<\/a><br \/>\n<a href=\"https:\/\/web.archive.org\/web\/20210125102418\/https:\/\/borncity.com\/win\/2015\/11\/24\/dells-superfish-2-devices-shipped-with-cloneable-root-certificate\/\">Dell's Superfish 2: Devices shipped with cloneable Root certificate<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2015\/02\/20\/komodia-ssl-certificates-and-hijacking-tech-are-widely-spread\/\">Komodia SSL certificates and hijacking tech are widely spread<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lenovo has released a new version 3.3.003 of Lenovo Solution Center, because prior versions come with two critical vulnerabilities. 
Here are a few hints on how to handle the new security disaster.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[101,69,224],"class_list":["post-902","post","type-post","status-publish","format-standard","hentry","category-windows","tag-lenovo","tag-security","tag-solution-center"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/902","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=902"}],"version-history":[{"count":2,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/902\/revisions"}],"predecessor-version":[{"id":35305,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/902\/revisions\/35305"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=902"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}