Monday, June 27, 2016

Lenovo Solution Center portal patched to shutter hacker god mode hole

@Lenovo has patched a dangerous hole in its rebuilt Solution Center that could allow attackers to gain god mode access on hacked machines and to kill running processes including anti-virus.

The pre-installed OEM software helps users update #Lenovo tools and manage features like firewalls.

Attackers with existing but unprivileged hacked access can gain privilege escalation to run tasks with local system rights.

Trustwave lead researcher @MartinRakhmanov quietly reported the flaws (CVE-2016-5249 - CVE-2016-5248) to Lenovo which issued a patch.

"This could be used in mounting further attacks by disabling anti-virus or some other protection mechanisms for instance," Rakhmanov says.

"Specifically, we at @Trustwave SpiderLabs'found that the new version, even though significantly reworked, still allowed 

http://www.theregister.co.uk/2016/06/27/lenovo_patch_solution_center/

No comments:

Post a Comment