Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Windows

Lenovo Patches Serious Flaw In Pre-Installed Support Tool (csoonline.com) 22

Reader itwbennett writes: Lenovo has made available a patch for the vulnerability in its Lenovo Solution Center, a support tool which comes pre-installed on many Lenovo laptops and desktops. The vulnerability could allow attackers to execute code with system privileges and take over computers. Users should automatically be prompted to update LSC when they open the application, but in case they aren't, they should download the latest version (3.3.002) manually from Lenovo's website. This is not the first time such a vulnerability has been found and fixed in LSC. In fact, Lenovo updated an old advisory for flaws reported in December with information about the new vulnerability, making it somewhat hard to spot.
This discussion has been archived. No new comments can be posted.

Lenovo Patches Serious Flaw In Pre-Installed Support Tool

Comments Filter:
  • What is this, a serious flaw patched about half a year after it went public?

  • Here is an idea (Score:2, Insightful)

    by Anonymous Coward

    Don't install anything other than the Operation System.

    Thank you!

  • by Anonymous Coward

    Step one with any newly-purchased Windows laptop: back up the recovery partition (in case it turns out I need some obscure drivers somehow not available online).

    Step two: Zero the disk.

  • I don't know about lenovo but Asus does not have any drivers on their website at all for my laptop. The only way to get drivers is to run their "support" program, which hasn't had any updates for me in a while. I'm keeping the laptop at 8.1 because I'm pretty sure if I upgrade I won't get any windows 10 drivers.

  • According to the source you need to update to version 3.3.002 which had been available since 2/10/2016. http://support.lenovo.com/us/e... [lenovo.com]
  • They really do not care about security. Last time it was superfish that basically removed validation for all certificates.

    And when asked they just said "We thought our customers would want that"

    Never buying Lenovo

God made machine language; all the rest is the work of man.