The tech giant Lenovo has corrected a dangerous vulnerability in its software tool Lenovo Solution Center (LSC).
This time, Lenovo Solution Centre (LSC) software has been found to have a vulnerability that would allow anyone with local network access to the PC to execute arbitrary code on Windows and can gain complete control over the OS, as well as they can also use the software to elevate their privileges and then trick Lenovo Solution Center (LSC) into running the arbitrary code when starting up its service.
Lenovo Fixed A Dangerous Vulnerability In Lenovo Solution Center
Lenovo Solution Center (LSC) is an application that comes pre-installed on many PCs and laptops from Lenovo production. The tool allows you to check the status of the firewall and the battery to back up your files, update the software, test hardware, and obtain information about the warranty service of your product.
The tool consists of two components, a graphical user interface, and LSC TaskService; it is the service running in the background even if the user interface is not running.
A statement from a spokesperson for Lenovo said that “In keeping with industry best practices, Lenovo moved rapidly to ready a fix and on April 26 it updated its security advisory disclosing this additional vulnerability and the availability of a fix that addressed it”
As soon as Lenovo became aware of this vulnerability, Lenovo moved rapidly to ready a fix and released a fix which can be downloaded by visiting the software’s page on their official website. The problem was fixed in version Lenovo Solution Center (LSC) 3.3.002.
This case is not the first when the Lenovo Solution Center (LSC) detected this vulnerability (the first flaw was fixed in December last year).
Lenovo has not released a new notification about the problem but simply updated the existing one. Customers who have the Lenovo Solution Center (LSC) in auto-update mode can update the program when they open it. For the others, they have to install the update manually. As we mentioned earlier, the users can simply download the patch from the official website of Lenovo.