Your Lenovo laptop may have a serious security flaw

Users of older Lenovo laptops should beware of a security flaw that may affect their PCs, particularly if their laptops are still running a program called Lenovo Solution Center.

According to Laptop Magazine, security researchers at Pen Test Partners have discovered a security vulnerability that could effectively “hand admin privileges over to hackers or malware.” And since the flaw affects Lenovo laptops that came pre-installed with the Lenovo Solution Center program, millions of older Lenovo laptops could be affected by the flaw. This is because Lenovo laptops had the program installed for years, from 2011 all the way to November 2018.

Pen Test Partners published its own post about the flaw on Thursday, August 22. In the post, PTP described the flaw as a “privilege escalation vulnerability” that uses a DACL (discretionary access control list) overwrite bug and a “hardlink” (pseudo) file to let “the low-privileged user take full control of a file they shouldn’t normally be allowed to. This can, if you’re clever, be used to execute arbitrary code on the system with Administrator or System privileges.”

Lenovo issued its own security warning about the flaw on Tuesday, August 20. In this statement, Lenovo said that the flaw affected devices running Lenovo Solution Center version 03.12.003 and recommended that users uninstall Lenovo Solution Center (which is no longer supported) and “migrate to Lenovo Vantage or Lenovo Diagnostics.” Lenovo’s security warning also included instructions on how to uninstall Lenovo Solution Center on devices running Windows 10, Windows 8, and Windows 7.

In its post, Pen Test Partners also noted a discrepancy involving the actual end-of-life date for the Lenovo Solution Center program:

“Whilst Lenovo were responsive to my disclosure, when we reported this to them back in May, their LSC download page noted that the tool went end of life in November 2018…But just after their disclosure went out, we noticed they had changed the end-of-life date to make it look like it went end of life even before the last version was released. Their own vulnerability advisory states: ‘Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.’… yet the last release of LSC was on 15th October 2018 … Could it be a typo, or were Lenovo trying to cover their tracks? Misleading and strange.”

The Register asked Lenovo about the end-of-life date discrepancy and the laptop manufacturer responded with the following statement:

“It’s often the case for applications that reach end of support that we continue to update the applications as we transition to new offerings is to ensure customers that have not transitioned, or choose not to, still have a minimal level of support, a practice that is not uncommon in the industry.”

Digital Trends has reached out to Lenovo for comment, and we’ll update this article once we receive a response.

Anita George