10
Security gone in 600 seconds: Make-me-admin hole found in Lenovo Windows laptop crapware. Delete it now

Security gone in 600 seconds: Make-me-admin hole found in Lenovo Windows laptop crapware. Delete it now

5 years ago
Anonymous $ZuTig1gZkQ

https://www.theregister.co.uk/2019/08/23/lenovo_solution_centre_cve_2019_6177/

Not only has a vulnerability been found in Lenovo Solution Centre (LSC), but the laptop maker fiddled with end-of-life dates to make it seem less important – and is now telling the world it EOL'd the vulnerable monitoring software before its final version was released.

The LSC privilege-escalation vuln (CVE-2019-6177) was found by Pen Test Partners (PTP), which said it has existed in the code since it first began shipping in 2011. It was bundled with the vast majority of the Chinese manufacturer's laptops and other devices, and requires Windows to run. If you removed the app, or blew it away with a Linux install, say, you're safe right now.

Last Seen
40 minutes ago
Reputation
0
Spam
0.000
Last Seen
39 minutes ago
Reputation
0
Spam
0.000
Last Seen
7 minutes ago
Reputation
0
Spam
0.000
Last Seen
27 minutes ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
2 hours ago
Reputation
0
Spam
0.000
Last Seen
28 minutes ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
2 hours ago
Reputation
0
Spam
0.000
Last Seen
3 hours ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
2 hours ago
Reputation
0
Spam
0.000
Last Seen
2 hours ago
Reputation
0
Spam
0.000
Last Seen
9 minutes ago
Reputation
0
Spam
0.000