Posted by on
Categories: Hack Lenovo

@Lenovo has patched a dangerous hole in its rebuilt Solution Center that could allow attackers to gain god mode access on hacked machines and to kill running processes including anti-virus.

The pre-installed OEM software helps users update #Lenovo tools and manage features like firewalls.

Attackers with existing but unprivileged hacked access can gain privilege escalation to run tasks with local system rights.

Trustwave lead researcher @MartinRakhmanov quietly reported the flaws (CVE-2016-5249 – CVE-2016-5248) to Lenovo which issued a patch.

“This could be used in mounting further attacks by disabling anti-virus or some other protection mechanisms for instance,” Rakhmanov says.

“Specifically, we at @Trustwave SpiderLabs’found that the new version, even though significantly reworked, still allowed

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.