Lenovo Is In A Bundle Of Trouble … Again
Stop Me If You’ve Heard This One Before
You might recall SuperFish from years back, or perhaps it was when Lenovo chose to hard code 12345678, the third most popular password of 2015, to protect their ShareIT application, or the vulnerabilities in their Accelerator support app or possibly even the issue with the Lenovo System Update but chances are you have heard of security issues with the applications bundled with your fancy Lenovo device.
Not one to back down from a challenge, we now have a new privilege escalation vulnerability on Lenovo products via the Lenovo Solution Centre, one which has been around since 2011. This revelation did spur immediate action on Lenovo’s part, as they quickly moved back the EoL date for the product from November of last year to April. The Register noticed there was something a little fishy with this, seeing as how the last update was pushed out in October which is a strange thing to do for an EoL product.
Long story short, if you have Lenovo Solution Centre installed on any of your machines, take a moment to uninstall it.
Uninstall Lenovo Solution Centre, and if you're really keen you can install Lenovo Vantage and/or Lenovo Diagnostics to retain the same branded functionality, albeit without the priv-esc part.
More Tech News From Around The Web
- Google and Dell Team Up To Take on Microsoft with Chromebook Enterprise Laptops @ Slashdot
- Got a burning desire for a Hololens 2.0? Microsoft insists its math coprocessor won’t be too hot for headgear @ The Register
- Open Source Linux Celebrating the 28th Anniversary of the Linux Kernel @ Slashdot
- The Satellite Phone You Already Own: From Orbit, UbiquitiLink Will Look Like A Cell Tower @ Hackaday
- Intel Xe Graphics Preview: What we know (and what we don’t) @ Techspot
I kind of wrote them off as a massive security risk a long time ago. I am not sure I trust the other companies much more though. I guess when my old MacBook Pro dies, I might have to just get a new MacBook Pro. My current MacBook can’t be updated to the newest OS version but it still mostly handles what I use it for even though it is a core 2 duo (old 17 inch model). I have looked at some boutique makers though. I thought of getting a large linux laptop for work, but I have traveled with a large dell brick before and I don’t think I want something that heavy. Perhaps I should just get a iPad Pro and call it good.
“but chances are you have heard of security issues with the applications bundled with your fancy ThinkPad.”
Superfish et al were confined to the consumer models only, not present on business models (ThinkPad/ThinkCentre/etc).
Fair point … will edit.
Solution Centre on the other hand, though.