Stop Me If You’ve Heard This One Before
You might recall SuperFish from years back, or perhaps the time Lenovo chose to hard-code 12345678, the third most popular password of 2015, to protect their ShareIT application, or the vulnerabilities in their Accelerator support app, or possibly even the issue with the Lenovo System Update. Whichever it was, chances are you have heard of security issues with the applications bundled with your fancy Lenovo device.
Not one to back down from a challenge, Lenovo now has a new privilege escalation vulnerability in its products via the Lenovo Solution Centre, one which has been around since 2011. This revelation did spur immediate action on Lenovo’s part, as they quickly moved back the EoL date for the product from November of last year to April. The Register noticed there was something a little fishy about this, seeing as the last update was pushed out in October, which is a strange thing to do for an EoL product.
Long story short, if you have Lenovo Solution Centre installed on any of your machines, take a moment to uninstall it.
Uninstall Lenovo Solution Centre, and if you're really keen you can install Lenovo Vantage and/or Lenovo Diagnostics to retain the same branded functionality, albeit without the priv-esc part.