Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes


Researchers at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC), tracked as CVE-2019-6177, that has existed since 2011.

“A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation,” reads the security advisory published by Lenovo. “Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.”

The vulnerability tracked as CVE-2019-6177 could be exploited by attackers to escalate privileges.

The company attempted to downplay the severity of the issue, highlighting that the product is no longer supported, even though most of the Chinese vendor's laptops running Windows are shipped with the flawed software.

“We found a privilege escalation vulnerability in the Lenovo Solution Centre (LSC) software, which came pre-installed on many Windows-based Lenovo devices,” states the post published by Pen Test Partners.

“The bug itself is a DACL (discretionary access control list) overwrite, which means that a high-privileged Lenovo process indiscriminately overwrites the privileges of a file that a low-privileged user is able to control. In this scenario, a low-privileged user can write a ‘hardlink’ file to the controllable location – a pseudofile which really points to any other file on the system that the low-privileged user doesn’t have control of.”

The experts explained that the Lenovo Solution Centre adds a task at “\Lenovo\Lenovo Solution Center Launcher”, which runs with “highest privileges”.


The task created by the LSC runs the LSC.Services.UpdateStatusService.exe binary 10 minutes after a login event.

The binary executed by the scheduled task overwrites the DACL of the Lenovo product’s logs folder, giving everyone in the Authenticated Users user group full read/write access to them. Everyone is a member of Authenticated Users, which means that everyone could access those files.

In order to exploit the flaw, an attacker has to create a hardlink file in the C:\ProgramData\Lenovo\LSC\log\ directory that points to the file whose privileges they want to overwrite.

It is quite easy for an attacker with access to the machine to run arbitrary code with administrator-level privileges.

“Then you log out, log in, and 10 minutes later, the hosts file DACL will be overwritten,” wrote the researchers.

The only way to fix the issue is to uninstall Lenovo Solution Centre. Customers can install Lenovo Vantage or Lenovo Diagnostics to get the same functionality.
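One way to check a Windows machine for the conditions described above, as an added example (not code from Lenovo, Pen Test Partners or this article). The log path and task name are the ones quoted above; treating any log-folder entry that is also a name for a file elsewhere on the volume as suspicious is an assumption of this sketch.

```powershell
# Added audit sketch. Run from an elevated prompt so every ACL can be read.
$LogDir    = 'C:\ProgramData\Lenovo\LSC\log'      # path given in the article
$TaskPath  = '\Lenovo\'                           # task folder given in the article
$TaskName  = 'Lenovo Solution Center Launcher'
$AuthUsers = 'S-1-5-11'                           # well-known SID: Authenticated Users
$SidType   = [System.Security.Principal.SecurityIdentifier]
$Write     = [int][System.Security.AccessControl.FileSystemRights]::WriteData

# 1. Is the high-privilege scheduled task still registered?
$task = Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName -ErrorAction SilentlyContinue
if ($task) {
    Write-Warning "LSC task present (RunLevel: $($task.Principal.RunLevel)); uninstall Lenovo Solution Centre."
} else {
    Write-Output 'LSC launcher task not found.'
}

function Test-AuthUsersWrite([string]$Path) {
    # True if an Allow ACE grants Authenticated Users write access to $Path.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $SidType)
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $AuthUsers -and
            $r.AccessControlType -eq 'Allow' -and
            (([int]$r.FileSystemRights -band $Write) -ne 0)) { return $true }
    }
    return $false
}

# 2. Report log-folder entries that are hard links to files outside the folder,
#    and whether the linked file is already writable by Authenticated Users.
if (Test-Path -LiteralPath $LogDir) {
    $drive = (Get-Item -LiteralPath $LogDir).PSDrive.Name + ':'
    foreach ($file in Get-ChildItem -LiteralPath $LogDir -File -Force) {
        # fsutil prints every name of the file, one per line, without the drive letter.
        $links = @(fsutil hardlink list $file.FullName) | Where-Object { $_ -like '\*' }
        foreach ($link in $links) {
            $full = $drive + $link
            if ($full -notlike "$LogDir\*") {
                [pscustomobject]@{
                    LogEntry          = $file.FullName
                    AlsoKnownAs       = $full
                    AuthUsersCanWrite = Test-AuthUsersWrite $full
                }
            }
        }
    }
}
```

A row with `AuthUsersCanWrite` set to `True` means the DACL of a file outside the log folder has already been opened up and should be restored from a known-good baseline after the software is removed.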

Pen Test Partners criticized the way Lenovo managed the report of the flaw because Lenovo seems to have moved the EOL date back to April 2018.

“But just after their disclosure went out, we noticed they had changed the end of life date to make it look like it went end of life even before the last version was released.”


Pierluigi Paganini

(SecurityAffairs – Lenovo Solution Centre, hacking)
