The Channel logo


By | Darren Pauli 27th June 2016 03:56

Lenovo Solution Center portal patched to shutter hacker god mode hole

Hack hole turns pleb users to admin queens, kills AV to boot

Lenovo has patched a dangerous hole in its rebuilt Solution Center that could allow attackers to gain god mode access on hacked machines and to kill running processes including anti-virus.

The pre-installed OEM software helps users update Lenovo tools and manage features like firewalls.

Attackers with existing but unprivileged hacked access can gain privilege escalation to run tasks with local system rights.

Trustwave lead researcher Martin Rakhmanov quietly reported the flaws (CVE-2016-5249 - CVE-2016-5248) to Lenovo which issued a patch.

"This could be used in mounting further attacks by disabling anti-virus or some other protection mechanisms for instance," Rakhmanov says.

"Specifically, we at Trustwave SpiderLabs' found that the new version, even though significantly reworked, still allowed unprivileged users to elevate privileges to LocalSystem."

Rakhmanov says that the TCP server API that loads .NET assemblies from disk does not do so from only trusted paths, as intended. Instead, it loads any .NET assembly on the same partition where the Lenovo Solution Center software is installed.

Attackers can load their malicious .NET assemblies into a privileged process, granting them easy privilege escalation.

Users should upgrade to version 3.3.003 of the Lenovo Solution Center or uninstall it to protect themselves.

Lenovo took about five weeks to fix the flaw, faster than when similar holes were reported in Solution Centre in May. ®

comment icon Read 8 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe