Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lenovo Patches Serious Flaw In Pre-Installed Support Tool (csoonline.com)

Posted by msmash on from the catching-and-patching dept.

Reader itwbennett writes: Lenovo has made available a patch for the vulnerability in its Lenovo Solution Center, a support tool which comes pre-installed on many Lenovo laptops and desktops. The vulnerability could allow attackers to execute code with system privileges and take over computers. Users should automatically be prompted to update LSC when they open the application, but in case they aren't, they should download the latest version (3.3.002) manually from Lenovo's website. This is not the first time such a vulnerability has been found and fixed in LSC. In fact, Lenovo updated an old advisory for flaws reported in December with information about the new vulnerability, making it somewhat hard to spot.

10 of 22 comments (clear)

  1. Comment Subject: by korgitser · · Score: 1

    What is this, a serious flaw patched about half a year after it went public?

    --
    FCKGW 09F9 42
  2. Re:Not a bug, a feature. by EvilSS · · Score: 1

    Sincerely yours, the 3PLA.

    Lenovo is a Chinese company, so FTFY

    --
    I browse on +1 so AC's need not respond, I won't see it.
  3. Here is an idea by Anonymous Coward · · Score: 2, Insightful

    Don't install anything other than the Operation System.

    Thank you!

  4. dd if=/dev/zero of=/dev/sdb by Anonymous Coward · · Score: 1

    Step one with any newly-purchased Windows laptop: back up the recovery partition (in case it turns out I need some obscure drivers somehow not available online).

    Step two: Zero the disk.

  5. "Support" Tools used to hide the lack of support by Anonymous Coward · · Score: 1

    I don't know about lenovo but Asus does not have any drivers on their website at all for my laptop. The only way to get drivers is to run their "support" program, which hasn't had any updates for me in a while. I'm keeping the laptop at 8.1 because I'm pretty sure if I upgrade I won't get any windows 10 drivers.

  6. Fixed on Feb 2016 by martiniturbide · · Score: 1

    According to the source you need to update to version 3.3.002 which had been available since 2/10/2016. http://support.lenovo.com/us/e...

    1. Re:Fixed on Feb 2016 by martiniturbide · · Score: 1

      Opps, sorry, it seems I read something wrong. It says the fix was April.

  7. Superfish by fuzzyf · · Score: 1

    They really do not care about security. Last time it was superfish that basically removed validation for all certificates.

    And when asked they just said "We thought our customers would want that"

    Never buying Lenovo

  8. Re:Win 10 by redback · · Score: 1

    this is also the perfect fix for new laptops running 8.

    win 10 upgrade, set to keep nothing.

  9. Re:Uninstall those helper tools! by plover · · Score: 2

    I have purchased a couple of well-equipped Lenovo laptops, and it's amazing just how awful their shovelware makes those big honkin' machines perform. I may not know what all that software is doing, but I do know they soak up CPU cycles like it's their last day on earth. Then I make sure it is their last day on earth.

    The most frustrating thing about it is that when you pay that much for a higher-end computer, they feel they still have the right to shovel all that shitware onto your box so they can squeeze another lousy $20 bounty out of the sale. They're paying for it, though - I've been recommending friends and family avoid Lenovo, and so far they've lost thousands of dollars worth of our business. Enjoy your $20, Lenovo. Buy yourselves a couple of beers, then go beat up your finance guy who thinks that shovelware is a smart business plan.

    --
    John