starbuck Posted May 6, 2016 Posted May 6, 2016 A security flaw in software that's preinstalled on millions of Lenovo devices lets malware run at the system-level. A serious security vulnerability has been discovered in software that's installed on almost every Lenovo notebook, tablet, and PC -- potentially affecting millions of users. The affected Lenovo Security Center software allows users to see the overall health of their device, from hardware and software status, network connections, and installed security features. But security researchers have found a way to raise the privileges of the software, which could let an attacker gain access to the whole system, according to a soon-to-be-released blog post by security firm Trustwave. In other words, a hacker can run malware at a system-wide level -- even if the app doesn't appear to be running. The good news is that Lenovo quickly patched the software after details of the vulnerability were privately disclosed. The computer giant rolled out the new software last week, which will automatically ask users to install when they next open the software. The software, often called "bloatware," comes installed as standard on ThinkPads, ThinkPad tablets, ThinkCenter and ThinkStation, IdeaCenter and some IdeaPads, running Windows 7 and later. But this often-unwanted software -- also known as "crapware" -- remains a major issue in PC and mobile circles, particularly because it's known to put system security at risk. Case in point, it's the third problem that Lenovo has been forced to address in relation to using preinstalled software in the past two years. A security researcher discovered a trifecta of security flaws, affecting software that's preinstalled on laptops made by Toshiba, Dell, and Lenovo. The flaw similarly would have allowed an attacker to run malware at the system level, regardless of what kind of user is logged in. A user would have to be tricked into opening a specially-crafted web page, such as through a drive-by download or a link in an email. Lenovo was also caught up in the "Superfish" adware scandal last year. The company later promised to stop bundling preinstalled bloatware on the computers and devices it sells. Source: http://www.zdnet.com/article/flaw-ridden-bloatware-put-nearly-every-lenovo-pc-at-risk-from-hackers/#ftag=RSSbaffb68 Quote
FPCH Staff Tony D Posted May 6, 2016 FPCH Staff Posted May 6, 2016 (edited) There's no mention about anti-malware apps being able to detect this. Wonder if an anti-rootkit app would detect it. Edited May 6, 2016 by Tony D Quote
starbuck Posted May 6, 2016 Author Posted May 6, 2016 Hi Tony, It's not something that can be detected like malware. It's a flaw in the software that could be used by a hacker to plant malware. Quote
FPCH Admin allheart55 Cindy E Posted May 6, 2016 FPCH Admin Posted May 6, 2016 Here we go again with Lenovo. I just picked a new Lenovo laptop out for my daughter-in-law's mother. She ordered it three days ago. Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
FPCH Admin allheart55 Cindy E Posted May 6, 2016 FPCH Admin Posted May 6, 2016 It sure seems like it. Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
starbuck Posted May 6, 2016 Author Posted May 6, 2016 I just picked a new Lenovo laptop out for my daughter-in-law's mother. and I picked out a tower yesterday as a replacement for the wifes old ailing Win7 system ( that has had more illnesses than a hypochondriac ) Luckily I resisted buying it. Quote
FPCH Admin allheart55 Cindy E Posted May 6, 2016 FPCH Admin Posted May 6, 2016 Luckily I resisted buying it. :D She didn't resist, my bad. Luckily, she wants me to install windows 7 on it for her so it will be wiped clean anyway. Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
Recommended Posts