cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
emmjay
WWAN
Posts: 221
Registered: ‎03-20-2008
Location: Canada
Views: 1,040
Message 1 of 8

LSC Vulnerabilities Identified

Note that all of these vulnerabilities appear to require that the user has launched the Lenovo Solution Center at least once. Simply closing the Lenovo Solution Center does appear to stop the vulnerable LSCTaskService process.

 

Lenovo has provided the following statement:...

 

"Lenovo was recently alerted by a cyber-security threat intelligence partner and The CERT/CC to a vulnerability report concerning its Lenovo Solution Center (LSC) application. We are urgently assessing the vulnerability report and will provide an update and applicable fixes as rapidly as possible. Additional information and updates will be posted to this Lenovo security advisory page (https://support.lenovo.com/us/en/product_security/len_4326) as they become available."

 

ImpactL   By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges.

 

Solution The CERT/CC is currently unaware of a practical solution to this problem.

T23: 2647-8RU, Ubuntu 12.04 LTS
A61E: 6418-12U, W7/Pro 64
X200: 7454-CTO, W7/Pro 32

marksit
Paper Tape
Posts: 5
Registered: ‎06-20-2013
Location: Australia
Views: 990
Message 2 of 8

Re: LSC Vulnerabilities Identified

so....we remove it....how do we get word of a fix?
Community SeniorMod
Community SeniorMod
Posts: 1,963
Registered: ‎05-01-2010
Location: US
Views: 983
Message 3 of 8

Re: LSC Vulnerabilities Identified

Surely Lenovo's article will be updated. I'll also post back here as well in case others miss the updated info.












Deutsche Community Comunidad en Español English Community Русскоязычное Сообщество Communidade Portugues

If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.

SpywareHammer





marksit
Paper Tape
Posts: 5
Registered: ‎06-20-2013
Location: Australia
Views: 980
Message 4 of 8

Re: LSC Vulnerabilities Identified

That would be awesome. Do you know if there is an rss to lenovo security advisories?
Puppy
Bit Torrent
Posts: 1,820
Registered: ‎11-28-2007
Location: CZ
Views: 930
Message 5 of 8

Re: LSC Vulnerabilities Identified

Reading the vulnerability description I can say this is not just an ordinary bug "that happens", this is a total software architecture failure Smiley Frustrated

 

I would recommend to also verify Lenovo Settings Dependency Package whether there is not similar issue.

__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
Highlighted
Former Administrator
Posts: 8,592
Registered: ‎11-19-2007
Location: US
Views: 886
Message 6 of 8

Re: LSC Vulnerabilities Identified

 

All,

 

The patched version 2.8.006 and 3.2.002 are released today for self update through LSC and should be available for download via the support site soon - perhaps as early as tommorow.

 

I was on 2.8.005 and launched LSC and it updated this afternoon to 2.8.006.

 

Best regards,

 

Mark

marksit
Paper Tape
Posts: 5
Registered: ‎06-20-2013
Location: Australia
Views: 880
Message 7 of 8

Re: LSC Vulnerabilities Identified

Thank you Mark_Lenovo

Community SeniorMod
Community SeniorMod
Posts: 1,963
Registered: ‎05-01-2010
Location: US
Views: 876
Message 8 of 8

Re: LSC Vulnerabilities Identified

That's good news! SmileyXmasSantapluglights01.gif












Deutsche Community Comunidad en Español English Community Русскоязычное Сообщество Communidade Portugues

If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.

SpywareHammer





Check out current deals!


Shop current deals