Pre-installed bloatware causing major security problems for users again.
A security vulnerability in the Lenovo Solution Center (LSC) support tool was fixed by Lenovo. LSC was earlier reported to be a source for some major security problems which could be exploited by hackers to run malicious code with system privileges and take over the PC.
Lenovo Solution Center (LSC) software is installed in advance on many laptops and desktops by the company itself. It provides users with details about their system information and helps them manage updates and backups. It also gives information about the battery status, provides registration info management and the possibility to run hardware tests.
The application has two main components – the UI and the LSCTaskService which is always running in the background. Two weeks ago Lenovo released the new LSC version 3.3.002 with a fix for a local vulnerability. The flaw was detected and reported by Trustwave and could be exploited by local Windows users through a malicious code implementation. This way, hackers may gain system level privileges and could take over an end user’s machine. Another weak point in the application is the CSRF (cross-site request forgery) vulnerability, which may put users in a potential danger if they happen to open a malicious website or infected web page. Running in the backend or not, the LSC may still provide backdoors for hackers to take advantage of and expose user’s computer.
These newly detected vulnerabilities are the most recent in a line of flaws related to pre-installed software by manufacturers on their machines. Among the users, such software is more known as a bloatware, as it often happens to come with some free features as well as some weak points compromising the security of the machine. Last year in December, another flaw was detected in the same LSC application of Lenovo.
In order to apply the new fix updates, users should download and install the latest version of the Lenovo Solution Center manually directly from the company website.