Computer manufacturer Lenovo has advised users to delete their own software because of several security holes for which no update available yet. It’s about the Lenovo Solution Center, which is standard on Lenovo systems running Windows 7, 8 and 10 will be installed.
Through the software, users can monitor the health and safety of the system. Three vulnerabilities in the application make it possible for an attacker to execute arbitrary code with system privileges remotely. For this, the attacker would need the user does have a special HTML document open, for example by sending an e-mail attachment or having to open a web page. In addition, the Solution Center to be loaded.
The vulnerability was directly disclosed by a researcher, including code to attack users. Lenovo has therefore no updated developed as the CERT Coordination Center reports (CERT / CC) at Carnegie Mellon University. According to the CERT / CC, there is therefore no practical solution to the problem. Lenovo has already let on its website that the vulnerability is being investigated. In anticipation of an update, the computer manufacturer advised users to uninstall the software, as if the problem is resolved.
No comments:
Post a Comment