  • Posts: 306
  • Registered: ‎03-20-2008
  • Location: Canada
  • Views: 5549
  • Message 1 of 8

LSC Vulnerabilities Identified

2015-12-05, 11:23 AM

Note that all of these vulnerabilities appear to require that the user has launched the Lenovo Solution Center at least once. Simply closing the Lenovo Solution Center does appear to stop the vulnerable LSCTaskService process.

Lenovo has provided the following statement:...

"Lenovo was recently alerted by a cyber-security threat intelligence partner and The CERT/CC to a vulnerability report concerning its Lenovo Solution Center (LSC) application. We are urgently assessing the vulnerability report and will provide an update and applicable fixes as rapidly as possible. Additional information and updates will be posted to this Lenovo security advisory page (https://support.lenovo.com/us/en/product_security/len_4326) as they become available."

Impact: By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges.

Solution: The CERT/CC is currently unaware of a practical solution to this problem.

T23: 2647-8RU, Ubuntu 12.04 LTS
A61E: 6418-12U, W7/Pro 64
X200: 7454-CTO, W7/Pro 32

  • Posts: 5
  • Registered: ‎06-21-2013
  • Location: Australia
  • Views: 62
  • Message 2 of 8

Re: LSC Vulnerabilities Identified

2015-12-07, 22:01 PM
so....we remove it....how do we get word of a fix?
  • Posts: 2725
  • Registered: ‎05-01-2010
  • Location: United States of America
  • Views: 149183
  • Message 3 of 8

Re: LSC Vulnerabilities Identified

2015-12-08, 0:48 AM

Surely Lenovo's article will be updated. I'll also post back here as well in case others miss the updated info.






Microsoft MVP Consumer Security 2006-2016 / Windows Insider MVP 2016-Present
I am not employed by Microsoft or Lenovo.

Using Browser Search to Find Your Answers In Lenovo and Moto Community
  • Posts: 5
  • Registered: ‎06-21-2013
  • Location: Australia
  • Views: 62
  • Message 4 of 8

Re: LSC Vulnerabilities Identified

2015-12-08, 1:09 AM
That would be awesome. Do you know if there is an RSS to Lenovo security advisories?
  • Posts: 2032
  • Registered: ‎11-28-2007
  • Location: Czech Republic
  • Views: 124962
  • Message 5 of 8

Re: LSC Vulnerabilities Identified

2015-12-08, 21:19 PM

Reading the vulnerability description, I can say this is not just an ordinary bug "that happens"; this is a total software architecture failure.

I would also recommend verifying whether the Lenovo Settings Dependency Package has a similar issue.

__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
  • Posts: 8095
  • Registered: ‎11-19-2007
  • Location: United States of America
  • Views: 400183
  • Message 6 of 8

Re: LSC Vulnerabilities Identified

2015-12-10, 22:45 PM

 

All,

The patched versions 2.8.006 and 3.2.002 are released today for self update through LSC and should be available for download via the support site soon - perhaps as early as tomorrow.

I was on 2.8.005 and launched LSC and it updated this afternoon to 2.8.006.

Best regards,

Mark

  • Posts: 5
  • Registered: ‎06-21-2013
  • Location: Australia
  • Views: 62
  • Message 7 of 8

Re: LSC Vulnerabilities Identified

2015-12-10, 23:18 PM

Thank you Mark_Lenovo

  • Posts: 2725
  • Registered: ‎05-01-2010
  • Location: United States of America
  • Views: 149183
  • Message 8 of 8

Re: LSC Vulnerabilities Identified

2015-12-10, 23:31 PM

That's good news!






Microsoft MVP Consumer Security 2006-2016 / Windows Insider MVP 2016-Present
I am not employed by Microsoft or Lenovo.

Using Browser Search to Find Your Answers In Lenovo and Moto Community