Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dell, Toshiba and Lenovo Utilities Expose PCs To More Attacks

Posted by samzenpus on from the raise-shields dept.

jones_supa writes: It turns out that OEM helper software is still often quite fragile and can expose systems wide open to attack. Currently Lenovo, Dell and Toshiba all have unpatched vulnerabilities in their various support utilities for Windows. These vulnerabilities were discovered by a security researcher who goes by the name Slipstream, and he has posted details onlinealong with proof-of-concept exploit code. The vulnerabilities allow arbitrary code execution, planting malicious files and modifying system registry values.

5 of 89 comments (clear)

  1. Re:Yup by Anonymous Coward · · Score: 5, Insightful

    Most companies that produce PCs view the software side of things as a value-add - it's a checkbox criteria "put some shit on the box so we can say we have more shit". Unfortunately they view the software precisely like this - it's just shit, and it gets hacked together on a shoestring budget with no testing whatsoever. For most of us it'd be better if they just didn't add it in the first place.

  2. Windose Again by Anonymous Coward · · Score: 5, Informative

    Oh FFS:

    "LSCTaskService is further associated with a file called LSCController.dll, which contains methods that can be called using HTTP GET and POST requests to its port. LSCTaskService can be made to run arbitrary code in the unprotected directory %APPDATA%\LSC\Local Store with system privileges, using a LSCController method called RunInstaller."

    So javascript on a website can run arbitrary code with system privileges! FFS.

    And Dell too? Having been caught installing a backdoor cert on its PCs, here it is again.

  3. Re:Really? by justthinkit · · Score: 4, Interesting

    Yeah, but there is a new threat/consideration.

    I wanted to perma-block Windows 10 on the machines I look after. Ran the batch file that turns everything off. Job done.

    Two days later I notice the GWX icon on an HP machine. The "helpful" HP utilities (that I never consciously invoke myself) must have summoned the evil that is WX.

    So I re-ran the perma-blocker AND did my best to kill all vestiges of HP helpers on the machine. So far so good.

    --
    I come here for the love
  4. Re:Yup by houstonbofh · · Score: 5, Informative

    No but the PC Decrapifier will... https://www.pcdecrapifier.com/

  5. blatent malware by slashmydots · · Score: 4, Informative

    The last fairly new HP I worked on has no entry in the uninstall list for "Hp Support Assistant." I traced where the program launches from and it uses an acronym to hide behind. Then the uninstaller the directory actually references some HP solutions framework thing. I tried removing that from its entry on the control panel and it said it can't remove it because it was needed by the HP Support Assistant. So I ran the uninstaller directly from the directory and it did quite literally nothing. So I had to remove the entire directory and every reference to it in the various boot time locations in the registry to truly kill it. That's what I like to call malware. It literally violates US laws pertaining to software having to be removable by the user if they want. I'm sure there's some preinstallation EULA BS to get around it though. Great upgrade to that crapware, HP!