Slashdot Mirror


Dell, Toshiba and Lenovo Utilities Expose PCs To More Attacks

jones_supa writes: It turns out that OEM helper software is still often quite fragile and can expose systems wide open to attack. Currently Lenovo, Dell and Toshiba all have unpatched vulnerabilities in their various support utilities for Windows. These vulnerabilities were discovered by a security researcher who goes by the name Slipstream, and he has posted details online along with proof-of-concept exploit code. The vulnerabilities allow arbitrary code execution, planting malicious files and modifying system registry values.

19 of 89 comments

  1. Re:Yup by Anonymous Coward · · Score: 5, Insightful

    Most companies that produce PCs view the software side of things as a value-add - it's a checkbox criteria "put some shit on the box so we can say we have more shit". Unfortunately they view the software precisely like this - it's just shit, and it gets hacked together on a shoestring budget with no testing whatsoever. For most of us it'd be better if they just didn't add it in the first place.

  2. Windose Again by Anonymous Coward · · Score: 5, Informative

    Oh FFS:

    "LSCTaskService is further associated with a file called LSCController.dll, which contains methods that can be called using HTTP GET and POST requests to its port. LSCTaskService can be made to run arbitrary code in the unprotected directory %APPDATA%\LSC\Local Store with system privileges, using a LSCController method called RunInstaller."

    So JavaScript on a website can run arbitrary code with system privileges! FFS.

    And Dell too? Having been caught installing a backdoor cert on its PCs, here it is again.

    1. Re:Windose Again by viperidaenz · · Score: 2

      It's not Windows' fault.

      It's not really any different than buying a pre-installed Linux computer that has an OEM utility running as root that does the same thing.
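A defensive inventory for the kind of exposure quoted in comment 2 (a service with system privileges accepting requests on a local port), as an added example that is not part of the thread or the researcher's write-up. The filter on `LocalSystem` services installed outside `%SystemRoot%` is a heuristic chosen here, not something the advisory specifies.

```powershell
# Added example, not from the advisory or the vendors.
# Lists TCP listeners owned by running services that log on as LocalSystem
# and whose binary lives outside %SystemRoot% (where OEM helpers install).
# Needs Windows 8 / Server 2012 or later; run from an elevated prompt.

$winDir = $env:SystemRoot

# Third-party services running with system privileges (heuristic filter).
$services = Get-CimInstance -ClassName Win32_Service | Where-Object {
    $_.State -eq 'Running' -and
    $_.ProcessId -ne 0 -and
    $_.StartName -eq 'LocalSystem' -and
    $_.PathName -and
    $_.PathName -notlike "*$winDir\*"
}

# Join each listening socket to the service(s) hosted in its owning process.
$report = foreach ($conn in Get-NetTCPConnection -State Listen) {
    $owners = @($services | Where-Object { $_.ProcessId -eq $conn.OwningProcess })
    foreach ($svc in $owners) {
        [pscustomobject]@{
            Service = $svc.Name
            Port    = $conn.LocalPort
            Address = $conn.LocalAddress
            # Loopback listeners are still reachable by every local process.
            Scope   = if ($conn.LocalAddress -in '127.0.0.1', '::1') { 'loopback' } else { 'network' }
            Binary  = $svc.PathName
        }
    }
}

$report | Sort-Object Service, Port | Format-Table -AutoSize -Wrap
```

Each row is a candidate for review: confirm what the service is, whether it needs to listen at all, and whether it can be disabled or removed.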

  3. Re:Really? by justthinkit · · Score: 4, Interesting

    Yeah, but there is a new threat/consideration.

    I wanted to perma-block Windows 10 on the machines I look after. Ran the batch file that turns everything off. Job done.

    Two days later I notice the GWX icon on an HP machine. The "helpful" HP utilities (that I never consciously invoke myself) must have summoned the evil that is WX.

    So I re-ran the perma-blocker AND did my best to kill all vestiges of HP helpers on the machine. So far so good.

    --
    I come here for the love

  4. Re:well, of course they do by perpenso · · Score: 3, Interesting

    haven't they always?

    I don't know. I've been building my own PCs and installing OEM Windows since 486 days. I also use this thing called the "No" or "Cancel" button when installers and websites generously offer me things I was not looking for. I really don't understand many of the PC/Windows problems that so many talk about. ;-)

  5. Re:Yup by houstonbofh · · Score: 5, Informative

    No but the PC Decrapifier will... https://www.pcdecrapifier.com/

  6. Re:One can dream by mikael · · Score: 2

    You can. Those local shops that build PCs for you can also get you a vanilla Windows install CD without the crudware. You're on your own with hardware drivers though.

    --
    Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads

  7. Re:well, of course they do by Anonymous Coward · · Score: 2, Funny

    Jimmy, you're a very special child. It would seem you have the ability to tell the difference between actual content, and ads.

  8. Re:Yup by ArmoredDragon · · Score: 3, Informative

    A note on this, that I think is very important, is that Microsoft likes to stress that genuine Windows guarantees you'll be free of malware and exploits, but this is just false. In fact, I might even go so far as to say that it's the least guarantee (with the exception of Chinese flea markets.)

    The one and only way to guarantee that your copy of Windows isn't infected with malware is to do the following:

    Download the ISO from The Pirate Bay (use terms like untouched or MSDN with the OS version you download) and run an SHA1 hash against it. Google the hash, and if it matches what Microsoft publishes on the MSDN site, then you have no chance of being compromised.

    Burn that or copy it to a thumb drive, boot it from BIOS, press shift+f10, type 'diskpart', type 'list disk', then 'select disk #' (where # is the primary boot disk number you see listed; likely disk 0), then 'clean'. There, now you've eliminated any chance of malware (and yes, this also wipes out the recovery partition, but you don't want it anyways as it likely contains exploitable OEM crapplets, plus it's needlessly using up part of your primary disk.)

  9. Re:Yup by edtice1559 · · Score: 2

    Uh this is no more secure than if you paid for a retail copy and also verified the SHA1 or purchased an MSDN subscription. Vendor-installed OS may come already compromised or with malware installed. If you want to save money, you could achieve the same thing installing Linux and the steps to download are a lot simpler. I realize it's fun to get modded up for encouraging pirating Windows but it's not really a behavior that should be supported. The alternative to paid Windows is free Linux not pirated Windows.

  10. Re:Yup by Dutch+Gun · · Score: 2

    Or, for people who would prefer not to install some third-party crapware to get rid of other third-party crapware... you could type "windows start" into search, and it shows "See which processes start up automatically when you start Windows". Click on this (or press CTRL-Shift-Escape and click on the "Startup" tab), and you see a list of these processes. You'll see a category called "Startup Impact", with values of Low, High, or None (if disabled). You can right-click and disable these items right from that list, or open the folder location so you can figure out what they are, etc.

    --
    Irony: Agile development has too much inertia to be abandoned now.

  11. Re:well, of course they do by hairyfeet · · Score: 3, Informative

    And there is always PC Decrapifier for those PCs that come with "restore partitions" filled with crap, so I really don't get the big deal either.

    Of course this is one more reason to go to your local system builder, the only software I install other than Windows is freeware that people can use like a full AV, Libre Office, Pale Moon and Comodo Dragon browsers with Adblock Plus, all spyware free.

    --
    ACs don't waste your time replying, your posts are never seen by me.

  12. blatant malware by slashmydots · · Score: 4, Informative

    The last fairly new HP I worked on has no entry in the uninstall list for "HP Support Assistant." I traced where the program launches from and it uses an acronym to hide behind. Then the uninstaller the directory actually references some HP solutions framework thing. I tried removing that from its entry on the control panel and it said it can't remove it because it was needed by the HP Support Assistant. So I ran the uninstaller directly from the directory and it did quite literally nothing. So I had to remove the entire directory and every reference to it in the various boot time locations in the registry to truly kill it. That's what I like to call malware. It literally violates US laws pertaining to software having to be removable by the user if they want. I'm sure there's some preinstallation EULA BS to get around it though. Great upgrade to that crapware, HP!

    1. Re:blatant malware by sasparillascott · · Score: 2

      Amazing the lengths they go through to make it so you can't uninstall their "utility" and HP isn't even on this "bad list". I wonder if that is because this guy just didn't get to them yet? I can understand the PC Vendors wanting it on there - for the consumers that call them and have no clue after they've botched things up...but making it so you can't uninstall it moves into the realm of them thinking it's their computer and not mine.

      This is the 2nd serious security botch up recently for Dell, the NSA must love them (remember it was outed recently they were installing a root certificate that is easily exploitable):

      http://arstechnica.com/securit...

      Whenever I get a new computer I image the drive (as is) so I can restore it (if & when I sell it in the future), have the associated drivers for it already downloaded separately and then nuke the drive from orbit repartitioning and fresh installing the OS...then only installing the hardware device drivers it needs. Even that isn't enough for some PC vendors (remember Lenovo was putting some of its monitoring software in the UEFI BIOS, nice extra feature of UEFI, so it would reinstall itself after you wiped the drive). Crazy.

  13. Re:Yup by ArmoredDragon · · Score: 3, Interesting

    Uh this is no more secure than if you paid for a retail copy and also verified the SHA1 or purchased an MSDN subscription.

    The problem with a retail copy is that your software that rips it is invariably going to place its own timestamps and other variations in the file, so your checksum likely won't be valid. An MSDN subscription is also likely too expensive for most people.

    I realize it's fun to get modded up for encouraging pirating Windows but it's not really a behavior that should be supported.

    If you buy a computer that has Windows installed, and it comes with a COA, then you already own a paid copy of Windows. If you look at the license terms, the COA itself is proof that you own a copy of Windows, and so long as you install the same edition (home, pro, etc) and license channel type (retail, upgrade, OEM) to match that COA, then it's not a pirated copy. Want a simple way to ensure that? Easy: Download the best version possible (i.e. for 7, get ultimate, for 8+, get pro) and then when it asks, just type in the key listed on the COA. It will automatically select the version you've paid for and install it, and likewise it will even activate just fine with Microsoft's servers (or call in, if necessary.)

  14. Re: Interesting, thank you I will try this out by xiando · · Score: 3, Insightful

    A computer illiterate friend has a Windows-infected computer and would like to replace the HDD with an SSD and has been nagging me to do it (because I must know how since I've used GNU/Linux the past 15 years and have no idea how Windows works). If I can just download some ISO for the version already on the old hard-drive and type in the things on the sticker and it'll be a genuine copy then that's fantastic.

    As for the parent poster who was talking about "pirating" Windows: Please go kill yourself or give me my money back. You can't buy a non-Windows-infected computer and most of us have paid for dozens of Windows licenses that we've never ever used. If I ever do "pirate" a Windows copy then you can subtract that one against the zillion I've already paid for.

  15. Re:well, of course they do by Anonymous Coward · · Score: 2, Informative

    You might not want to admit that in public, some of it is free for non-commercial use. Installing it as a system builder is commercial use unless you have permission.

  16. Re:Really? by Anonymous Coward · · Score: 2, Informative

    The best is when you try to uninstall HP Security Centre, but Windows refuses to run the uninstaller because... wait for it... HP _revoked_ the certificate the uninstaller is signed with! Oh it's hilarious - let me get this straight:

    1. HP signs crapware with certificate X.
    2. HP pre-installs crapware on a zillion PCs/laptops.
    3. HP certificate ends up in the hands of retards who use it to sign a bunch of malware.
    4. HP panics and revokes the certificate.

    And now, due to HP's endless stream of incompetent boobery, I can no longer uninstall their garbage.

  17. Re:Really? by justthinkit · · Score: 2

    Couple I've looked at:

    DisableWinTracking

    I'm not sure where I got BlockWindows, so I'll just upload it here:
    BlockWindows

    --
    I come here for the love