Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Lenovo Attempts To Cover Up Latest Software Flaw
Quote:Security researchers from Pen Test Partners have found a privilege escalation vulnerability in the Lenovo Solution Centre (LSC) utility that's found on the majority of Lenovo’s Windows laptops. The bug could have allowed anyone with any sort of local or remote access to the machines to gain administrator privileges and take over the systems.
According to the PTP researchers, when they first reported the vulnerability to Lenovo, the company took the strange action of backdating the end-of-life (EOL) for the LSC tool. The EOL was initially listed as November 30, 2018, but then Lenovo moved it to April 2018, which was right after the PTP researchers revealed the bug to Lenovo.

TheRegister asked Lenovo why it was changing the EOL date "to make it look like they were releasing updates for a product they had already EOL'd."The company’s statement essentially confirmed that Lenovo was interested in making it look like they were updating a product that supposedly had already lost support:

"It’s often the case for applications that reach end of support that we continue to update the applications as we transition to new offerings is to ensure customers that have not transitioned, or choose not to, still have a minimal level of support, a practice that is not uncommon in the industry.”

This isn’t the first time Lenovo has been caught either with spy tools or broken security on its laptops. It seems the company hasn’t improved all that much since the Superfish scandal broke out.

Forum Jump:

Users browsing this thread: 1 Guest(s)