Lenovo Solution Center portal patched to shutter hacker god mode hole
@Lenovo has patched a dangerous hole in its rebuilt Solution Center that could allow attackers to gain god mode access on hacked machines and to kill running processes including anti-virus.
The pre-installed OEM software helps users update #Lenovo tools and manage features like firewalls.
Attackers who already have unprivileged access to a machine can escalate privileges and run tasks with local system rights.
Trustwave lead researcher @MartinRakhmanov quietly reported the flaws (CVE-2016-5249 – CVE-2016-5248) to Lenovo, which issued a patch.
“This could be used in mounting further attacks by disabling anti-virus or some other protection mechanisms for instance,” Rakhmanov says.
“Specifically, we at @Trustwave SpiderLabs found that the new version, even though significantly reworked, still allowed