The Channel logo

News

By | Darren Pauli 27th June 2016 03:56

Lenovo Solution Center portal patched to shutter hacker god mode hole

Hack hole turns pleb users to admin queens, kills AV to boot

Lenovo has patched a dangerous hole in its rebuilt Solution Center that could allow attackers to gain god mode access on hacked machines and to kill running processes including anti-virus.

The pre-installed OEM software helps users update Lenovo tools and manage features like firewalls.

Attackers with existing but unprivileged hacked access can gain privilege escalation to run tasks with local system rights.

Trustwave lead researcher Martin Rakhmanov quietly reported the flaws (CVE-2016-5249 - CVE-2016-5248) to Lenovo which issued a patch.

"This could be used in mounting further attacks by disabling anti-virus or some other protection mechanisms for instance," Rakhmanov says.

"Specifically, we at Trustwave SpiderLabs' found that the new version, even though significantly reworked, still allowed unprivileged users to elevate privileges to LocalSystem."

Rakhmanov says that the TCP server API that loads .NET assemblies from disk does not do so from only trusted paths, as intended. Instead, it loads any .NET assembly on the same partition where the Lenovo Solution Center software is installed.

Attackers can load their malicious .NET assemblies into a privileged process, granting them easy privilege escalation.

Users should upgrade to version 3.3.003 of the Lenovo Solution Center or uninstall it to protect themselves.

Lenovo took about five weeks to fix the flaw, faster than when similar holes were reported in Solution Centre in May. ®

comment icon Read 8 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

Locker room jocks photo via Shutterstock
Best locker-room strategy: Avoid emulating AWS directly
STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock