Lenovo Solution Center Fix

News
by Lidia Howler
May 9, 2016

Pre-installed bloatware causing major security problems for users

A security vulnerability in the Lenovo Solution Center (LSC) support tool was fixed by Lenovo. LSC was earlier reported to be a source for some major security problems which could be exploited by hackers to run malicious code with system privileges and take over the PC.

Lenovo Solution Center (LSC) software is installed in advance on many laptops and desktops by the company itself.  It provides users with details about their system information and helps them manage updates and backups. It also gives information about the battery status, provides registration info management and the possibility to run hardware tests.

hammer-28636_1280

What is Bloatware? (How to Remove Bloatware from Android and Windows)

The application has two main components – the UI and the LSCTaskService which is always running in the background. Two weeks ago Lenovo released the new LSC version 3.3.002 with a fix for a local vulnerability. The flaw was detected and reported by Trustwave and could be exploited by local Windows users through a malicious code implementation. This way, hackers may gain system level privileges and could take over an end user’s machine. Another weak point in the application is the CSRF (cross-site request forgery) vulnerability, which may put users in a potential danger if they happen to open a malicious website or infected web page. Running in the backend or not, the LSC may still provide backdoors for hackers to take advantage of and expose user’s computer.

These newly detected vulnerabilities are the most recent in a line of flaws related to pre-installed software by manufacturers on their machines. Among the users, such software is more known as a bloatware, as it often happens to come with some free features as well as some weak points compromising the security of the machine. Last year in December, another flaw was detected in the same LSC application of Lenovo.

In order to apply the new fix updates, users should download and install the latest version of the Lenovo Solution Center manually directly from the company website.

 


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

View all posts

Leave a Comment