cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
emmjay
WWAN
Posts: 221
Registered: ‎03-20-2008
Location: Canada
Views: 1,126
Message 1 of 8

LSC Vulnerabilities Identified

Note that all of these vulnerabilities appear to require that the user has launched the Lenovo Solution Center at least once. Simply closing the Lenovo Solution Center does appear to stop the vulnerable LSCTaskService process.

 

Lenovo has provided the following statement:...

 

"Lenovo was recently alerted by a cyber-security threat intelligence partner and The CERT/CC to a vulnerability report concerning its Lenovo Solution Center (LSC) application. We are urgently assessing the vulnerability report and will provide an update and applicable fixes as rapidly as possible. Additional information and updates will be posted to this Lenovo security advisory page (https://support.lenovo.com/us/en/product_security/len_4326) as they become available."

 

ImpactL   By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges.

 

Solution The CERT/CC is currently unaware of a practical solution to this problem.

T23: 2647-8RU, Ubuntu 12.04 LTS
A61E: 6418-12U, W7/Pro 64
X200: 7454-CTO, W7/Pro 32

marksit
Paper Tape
Posts: 5
Registered: ‎06-20-2013
Location: Australia
Views: 1,076
Message 2 of 8

Re: LSC Vulnerabilities Identified

so....we remove it....how do we get word of a fix?
Community SeniorMod
Community SeniorMod
Posts: 2,010
Registered: ‎05-01-2010
Location: US
Views: 1,069
Message 3 of 8

Re: LSC Vulnerabilities Identified

Surely Lenovo's article will be updated. I'll also post back here as well in case others miss the updated info.






Microsoft MVP Consumer Security 2006-2016 / Windows Insider MVP 2016-
I am not employed by Microsoft or Lenovo.

  Communities:   English    Deutsch    Español    Português    Русскоязычное    Česká    Slovenská    Українська   Polski    Türkçe    Moto English

marksit
Paper Tape
Posts: 5
Registered: ‎06-20-2013
Location: Australia
Views: 1,066
Message 4 of 8

Re: LSC Vulnerabilities Identified

That would be awesome. Do you know if there is an rss to lenovo security advisories?
Puppy
Bit Torrent
Posts: 1,822
Registered: ‎11-28-2007
Location: CZ
Views: 1,016
Message 5 of 8

Re: LSC Vulnerabilities Identified

Reading the vulnerability description I can say this is not just an ordinary bug "that happens", this is a total software architecture failure Smiley Frustrated

 

I would recommend to also verify Lenovo Settings Dependency Package whether there is not similar issue.

__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
Highlighted
Former Administrator
Posts: 8,592
Registered: ‎11-19-2007
Location: US
Views: 972
Message 6 of 8

Re: LSC Vulnerabilities Identified

 

All,

 

The patched version 2.8.006 and 3.2.002 are released today for self update through LSC and should be available for download via the support site soon - perhaps as early as tommorow.

 

I was on 2.8.005 and launched LSC and it updated this afternoon to 2.8.006.

 

Best regards,

 

Mark

marksit
Paper Tape
Posts: 5
Registered: ‎06-20-2013
Location: Australia
Views: 966
Message 7 of 8

Re: LSC Vulnerabilities Identified

Thank you Mark_Lenovo

Community SeniorMod
Community SeniorMod
Posts: 2,010
Registered: ‎05-01-2010
Location: US
Views: 962
Message 8 of 8

Re: LSC Vulnerabilities Identified

That's good news! SmileyXmasSantapluglights01.gif






Microsoft MVP Consumer Security 2006-2016 / Windows Insider MVP 2016-
I am not employed by Microsoft or Lenovo.

  Communities:   English    Deutsch    Español    Português    Русскоязычное    Česká    Slovenská    Українська   Polski    Türkçe    Moto English

Check out current deals!


Shop current deals