Skip to main content
  1. Home
  2. Computing
  3. News

Your Lenovo laptop may have a serious security flaw

By
Lenovo laptop on desk
Vlad Bagacian/Unsplash

Users of older Lenovo laptops should beware of a security flaw that may affect their PCs, particularly if their laptops are still running a program called Lenovo Solution Center.

According to Laptop Magazine, security researchers at Pen Test Partners have discovered a security vulnerability that could effectively “hand admin privileges over to hackers or malware.” And since the flaw affects Lenovo laptops that came pre-installed with the Lenovo Solution Center program, millions of older Lenovo laptops could be affected by the flaw. This is because Lenovo laptops had the program installed for years, from 2011 all the way to November 2018.

Recommended Videos

Pen Test Partners published its own post about the flaw on Thursday, August 22. In the post, PTP described the flaw as a “privilege escalation vulnerability” which allows the use of a DACL (discretionary access control list) overwrite bug and a “hardlink” (pseudo) file to let “the low-privileged user take full control of a file they shouldn’t normally be allowed to. This can, if you’re clever, be used to execute arbitrary code on the system with Administrator or System privileges.”

Related

Lenovo issued its own security warning about the flaw on Tuesday, August 20. In this statement, Lenovo said that the flaw affected devices running Lenovo Solution Center version 03.12.003 and recommend that Lenovo users should go ahead and uninstall Lenovo Solution Center (which is no longer supported) and “migrate to Lenovo Vantage or Lenovo Diagnostics.” Lenovo’s security warning statement also included instructions on how to uninstall Lenovo Solution Center for devices running Windows 10, Windows 8, and Windows 7.

It’s also worth noting that in its post, Pen Test Partners also noted a discrepancy involving the actual end-of-life date for the Lenovo Solution Center program:

“Whilst Lenovo were responsive to my disclosure, when we reported this to them back in May, their LSC download page noted that the tool went end of life in November 2018…But just after their disclosure went out, we noticed they had changed the end-of-life date to make it look like it went end of life even before the last version was released. Their own vulnerability advisory states: ‘Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.’… yet the last release of LSC was on 15th October 2018 … Could it be a typo, or were Lenovo trying to cover their tracks? Misleading and strange.”

The Register asked Lenovo about the end-of-life date discrepancy and the laptop manufacturer responded with the following statement:

“It’s often the case for applications that reach end of support that we continue to update the applications as we transition to new offerings is to ensure customers that have not transitioned, or choose not to, still have a minimal level of support, a practice that is not uncommon in the industry.”

Digital Trends has reached out to Lenovo for comment, and we’ll update this article once we receive a response.

Editors’ Recommendations

Topics
Anita George
Anita George
Computing Writer
Anita has been a technology reporter since 2013 and currently writes for the Computing section at Digital Trends. She began…
Don’t just buy the latest version of a laptop. It’s not always worth it
The ThinkPad X1 Carbon Gen 10 laptop, opened with a colorful wallpaper on the screen.

When shopping for a laptop, it's hard not to get sucked into buying the latest model. They're often widely available and marketed as the next big thing.

But as a reviewer who tests dozens of new laptops every year, I know the secret that laptop brands don't want to tell you. It's that more often than not, the latest version of a laptop may offer a very mild update to the previous generation, often just swapping in one CPU for another. That means if you can find the previous generation for cheaper, it's often a better use of your money. The key, though, is learning how to recognize a minor spec update on a laptop from something that's actually worth paying more for.
When updates just aren't enough

Read more
81% think ChatGPT is a security risk, survey finds
A laptop screen shows the home page for ChatGPT, OpenAI's artificial intelligence chatbot.

ChatGPT has been a polarizing invention, with responses to the artificial intelligence (AI) chatbot swinging between excitement and fear. Now, a new survey shows that disillusionment with ChatGPT could be hitting new highs.

According to a survey from security firm Malwarebytes, 81% of its respondents are worried about the security and safety risks posed by ChatGPT. It’s a remarkable finding and suggests that people are becoming increasingly concerned by the nefarious acts OpenAI’s chatbot is apparently capable of pulling off.

Read more
DuckDuckGo’s Windows browser is here to protect your privacy
The Duck Player feature of DuckDuckGo's Windows web browser, showing a video being played.

A few months ago, DuckDuckGo launched a privacy-focused browser on macOS. Well, Windows users no longer have to miss out, as the browser has found its way onto Microsoft’s operating system. If you want a web browsing experience that protects your privacy, it could be a good time to check it out.

The browser is available as a public beta, according to a blog post from DuckDuckGo. It comes with a bunch of built-in privacy protections that could be ideal if you’re tired of trackers and cookies snooping on your internet sessions.

Read more