Security gone in 600 seconds: Make-me-admin hole found in Lenovo Windows laptop crapware. Delete it now
https://www.theregister.co.uk/2019/08/23/lenovo_solution_centre_cve_2019_6177/
Not only has a vulnerability been found in Lenovo Solution Centre (LSC), but the laptop maker fiddled with end-of-life dates to make it seem less important – and is now telling the world it EOL'd the vulnerable monitoring software before its final version was released.
The LSC privilege-escalation vuln (CVE-2019-6177) was found by Pen Test Partners (PTP), which said it has existed in the code since it first began shipping in 2011. It was bundled with the vast majority of the Chinese manufacturer's laptops and other devices, and requires Windows to run. If you removed the app, or blew it away with a Linux install, say, you're safe right now.
Security gone in 600 seconds: Make-me-admin hole found in Lenovo Windows laptop crapware. Delete it now
Aug 23, 2019, 7:30pm UTC
https://www.theregister.co.uk/2019/08/23/lenovo_solution_centre_cve_2019_6177/
> Not only has a vulnerability been found in Lenovo Solution Centre (LSC), but the laptop maker fiddled with end-of-life dates to make it seem less important – and is now telling the world it EOL'd the vulnerable monitoring software before its final version was released.
> The LSC privilege-escalation vuln (CVE-2019-6177) was found by Pen Test Partners (PTP), which said it has existed in the code since it first began shipping in 2011. It was bundled with the vast majority of the Chinese manufacturer's laptops and other devices, and requires Windows to run. If you removed the app, or blew it away with a Linux install, say, you're safe right now.