Lenov-lol, a load of Tosh, and what the Dell? More bad holes found in PC makers' bloatware

L

LabZero

Thread author
Visit evil webpage – lose control of your computer

In brief Lenovo laptops and PCs can be hijacked by visiting a malicious website – and Dell and Toshiba machines suffer vulnerabilities, too, we're told.

If you're running the Lenovo Solution Center bundled with Lenovo gear, and you browse by an evil webpage, scripts on that page can run code with full system privileges on your computer, allowing them to install malware, spy on you, and cause other havoc. Any programs or software nasties already on your machine can exploit Lenovo Solution Center to gain admin access, and therefore full control, without you lifting a finger.

The vulnerabilities were discovered by infosec bod Slipstream – previously on these pages for discovering security holes in Dell and UK school IT admin software. The US CERT has issued an alert about the Lenovo holes, and the Chinese giant has urged people to uninstall its Solution Center as soon as possible.

"By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges," said CERT, which is backed by the US Department of Homeland Security.

"The CERT/CC is currently unaware of a practical solution to this problem. However, please consider the following workaround: uninstall Lenovo Solution Center to prevent exploitation of these vulnerabilities. Closing any running instance of Lenovo Solution Center also prevents exploitation."

You can fetch exploit binaries and source code, written in D, for the holes here if you want to see for yourself how terrible multimillion-dollar outfits Lenovo, Dell and Toshiba are at secure programming – bear in mind you'll be treated to a cute retro-demoscene-esque intro with audio while fetching the .zip.

Here's a round up of the bugs, according to CERT and Slipstream:

  • Lenovo...
    • Lenovo Solution Center creates a process called LSCTaskService that runs with full administrator rights, and fires up a web server on port 55555. It can be instructed via GET and POST HTTP requests to execute code in a directory a local user can access.
    • Lenovo Solution Center will execute, again with full privileges, programs found in an arbitrary location on disk where the user can write to. Put some bad software in there, and it will be executed with admin rights.
    • A classic cross-site request forgery (CSRF) vulnerability exists in the LSCTaskService process, allowing any visited webpage to pass commands to the local web server to execute with full privileges.
  • Dell's bundled utility Dell System Detect can be made to gain admin privileges and execute arbitrary commands – by feeding it a security token downloaded from, er, dell.com: a token granting Dell System Detect permission to install manuals can be abused to execute programs (such as malware) with admin privileges. This can be exploited by software on your computer to fully compromise the machine.
  • Toshiba's bundled Service Station tool can be abused by normal users and unprivileged software to read the majority of the operating system's registry as a SYSTEM-level user.
Lenovo has only just got round to patching holes in its System Update utility. It was previously this year caught up in a bloatware security blunder, as was Dell. ®
 

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Liked the sploit site as it reminded of old keygens that many times came along with great tunes.
 
  • Like
Reactions: Rishi and frogboy

DracusNarcrym

Level 20
Verified
Top Poster
Well-known
Oct 16, 2015
970
Liked the sploit site as it reminded of old keygens that many times came along with great tunes.
We're playing with fire for mentioning piracy here... but some keygens have amazing 8-bit tunes. :D
Visit evil webpage – lose control of your computer

In brief Lenovo laptops and PCs can be hijacked by visiting a malicious website – and Dell and Toshiba machines suffer vulnerabilities, too, we're told.

If you're running the Lenovo Solution Center bundled with Lenovo gear, and you browse by an evil webpage, scripts on that page can run code with full system privileges on your computer, allowing them to install malware, spy on you, and cause other havoc. Any programs or software nasties already on your machine can exploit Lenovo Solution Center to gain admin access, and therefore full control, without you lifting a finger.

The vulnerabilities were discovered by infosec bod Slipstream – previously on these pages for discovering security holes in Dell and UK school IT admin software. The US CERT has issued an alert about the Lenovo holes, and the Chinese giant has urged people to uninstall its Solution Center as soon as possible.

"By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges," said CERT, which is backed by the US Department of Homeland Security.

"The CERT/CC is currently unaware of a practical solution to this problem. However, please consider the following workaround: uninstall Lenovo Solution Center to prevent exploitation of these vulnerabilities. Closing any running instance of Lenovo Solution Center also prevents exploitation."

You can fetch exploit binaries and source code, written in D, for the holes here if you want to see for yourself how terrible multimillion-dollar outfits Lenovo, Dell and Toshiba are at secure programming – bear in mind you'll be treated to a cute retro-demoscene-esque intro with audio while fetching the .zip.

Here's a round up of the bugs, according to CERT and Slipstream:

  • Lenovo...
    • Lenovo Solution Center creates a process called LSCTaskService that runs with full administrator rights, and fires up a web server on port 55555. It can be instructed via GET and POST HTTP requests to execute code in a directory a local user can access.
    • Lenovo Solution Center will execute, again with full privileges, programs found in an arbitrary location on disk where the user can write to. Put some bad software in there, and it will be executed with admin rights.
    • A classic cross-site request forgery (CSRF) vulnerability exists in the LSCTaskService process, allowing any visited webpage to pass commands to the local web server to execute with full privileges.
  • Dell's bundled utility Dell System Detect can be made to gain admin privileges and execute arbitrary commands – by feeding it a security token downloaded from, er, dell.com: a token granting Dell System Detect permission to install manuals can be abused to execute programs (such as malware) with admin privileges. This can be exploited by software on your computer to fully compromise the machine.
  • Toshiba's bundled Service Station tool can be abused by normal users and unprivileged software to read the majority of the operating system's registry as a SYSTEM-level user.
Lenovo has only just got round to patching holes in its System Update utility. It was previously this year caught up in a bloatware security blunder, as was Dell. ®
Number 1 task when getting a new computer with pre-installed software (bloatware): Remove that software. :D
 

Rishi

Level 19
Verified
Honorary Member
Top Poster
Well-known
Dec 3, 2015
938
Now I feel lucky I don't use any of those brands and unlucky as my home laptop belongs to a series whose network adapter prevented win 10 from downloading worldwide,I happened to have different adapter,it missed by a whisker and now win 10 download nag screen persists.:rolleyes::rolleyes:
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Does it make us surprise on those unending incidents? That's what we call back-end tactics techniques run throughout those bundled programs, honestly they are useful on the first place however the lack of quality control and abusive on partnership tends to take for granted on customers.

All laptops OEM contains bundled programs, its all about how we choose the lesser evil. ;)
 

jackuars

Level 28
Verified
Top Poster
Well-known
Jul 2, 2014
1,717
Pretty sure that no company has a 100% track record, things will start to reveal one by one. At present am quite glad with Lenovo Z51-70.
 
  • Like
Reactions: Rishi

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top