Another Major Flaw in Lenovo Pre-installed Software Fixed
Gareth Andrews / 8 years ago
When you buy a new laptop you often get a bunch of software pre-installed, often called bloatware because of its use to fill up disk space even against the wishes of the new user. While some software is not wanted, often manufacturers install their own support tools such as those installed by Lenovo. The Lenovo Solutions Center has recently been updated to fix a major security issue that was present within the software.
The Lenovo Solution Center (LCS) gives users the ability to check their systems battery health, run hardware tests and monitor the status of their registration and warranty alongside virus and firewall information. Trustwave reported a local privilege escalation vulnerability issue, resulting in Lenovo releasing version 3.3.002 of their software in an attempt to fix the issue.
Local privilege escalation vulnerabilities allow software, often malicious in nature, to gain access to system resources that are normally locked or protected from outside interference by either the system or the user. This means that it could potentially access your files and system settings with a higher permission than you would allow unknown software to obtain.
The update should automatically be applied to users when they open Lenovo’s support tool, but users are advised to check and download the latest version from the company’s website if they aren’t certain about the updated version being present on their system. With this just being the latest in a long list of security flaws being found in pre-installed software, users are getting more and more cautious about “requiring” the bloatware that often comes with a new system.