Information security company Trustwave Holdings provided Digital Trends with an early glimpse into an upcoming blog set to be published on Friday afternoon, stating that the firm has discovered multiple vulnerabilities in the Lenovo Solution Center software that’s pre-installed on most Lenovo products including ThinkPad, ThinkPad Tablet, ThinkCentre and ThinkStation, IdeaCentre, and select Ideapad laptops.
The report was provided by Trustwave’s Martin Rakhmanov, and reveals that the vulnerabilities in this specific Lenovo software suite allows “unprivileged” local users to run arbitrary code with the highest system-level privileges. Typically, only the administrator has full system access, but the problem allows any non-administrator account on the computer to be used to hack the system.
The exploits were discovered in Lenovo Solution Center version 2.8.006 but affects all versions prior to 3.3.0002. Hackers can simply open up the Command Prompt to launch the Lenovo Solution Center service, or launch the Lenovo System Health and Diagnostics application through the Control Panel. After that, the hackers can enter a specific URL in any web browser and pull up the Device Manager running as LocalSystem instead of the current non-administrative user. For the full article click here
from hacker samurai http://ift.tt/1rC53IO
via IFTTT
No comments:
Post a Comment