Bad news for PC users, Lenovo machines can be hijacked by visiting a malicious website, meanwhile Dell and Toshiba PC are affected by serious flaws.
Security Researcher slipstream/RoL posted Proof-of-concept exploits online (3 OEMs Vulnerable To Three Vulnerability Your PCs At Risk) demonstrating how to compromise machines available on the market.
Three OEMs. Three applications preinstalled. Three exploits. https://t.co/P4GMkNCabZ
— slipstream/RoL (@TheWack0lian) 3 Dicembre 2015
The US CERT has issued an alert about the vulnerabilities affecting the Lenovo machines, the Chinese firm is urging to uninstall its Solution Center as soon as possible.
“By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges,” said CERT, which is backed by the US Department of Homeland Security.
“The CERT/CC is currently unaware of a practical solution to this problem. However, please consider the following workaround: uninstall Lenovo Solution Center to prevent exploitation of these vulnerabilities. Closing any running instance of Lenovo Solution Center also prevents exploitation.”
Lenovo Solution Center security advisory posted on company website confirms that the company is urgently working on a fix.
“We are urgently assessing the vulnerability report and will provide an update and applicable fixes as rapidly as possible. Additional information and updates will be posted to this security advisory page as they become available.” States the advisory.
Mitigation Strategy for Customers (what you should do to protect yourself) By Lenovo Solution Center : To remove the potential risk posed by this vulnerability, users can uninstall the Lenovo Solution Center application using the add / remove programs function.
By the way, the Lenovo Solution Center flaw is also exploitable remotely via CSRF, if the Lenovo Solution Center is open! Open Lenovo Solution Center and click here for a SYSTEM shell! Security Researcher Said
You can fetch exploit binaries and source code from oemdrop.
Summarizing the security vulnerabilities, according to CERT and Slipstream:
Lenovo
- Lenovo Solution Center creates a process called LSCTaskService that runs with full administrator rights, and fires up a web server on port 55555. It can be instructed via GET and POST HTTP requests to execute code in a directory a local user can access.
- Lenovo Solution Center will execute, again with full privileges, programs found in an arbitrary location on disk where the user can write to. Put some bad software in there, and it will be executed with admin rights.
- A classic cross-site request forgery (CSRF) vulnerability exists in the LSCTaskService process, allowing any visited webpage to pass commands to the local web server to execute with full privileges.
Dell
- Dell‘s bundled utility Dell System Detect can be made to gain admin privileges and execute arbitrary commands – by feeding it a security token downloaded from, er, dell.com: a token granting Dell System Detect permission to install manuals can be abused to execute programs (such as malware) with admin privileges. This can be exploited by software on your computer to fully compromise the machine.
Toshiba
- Toshiba‘s bundled Service Station tool can be abused by normal users and unprivileged software to read the majority of the operating system’s registry as a SYSTEM-level user.
Remove Bloatware From Windows With Decrap My Computer
Decrap My Computer allows you to easily and safely remove all of the bloatware that comes pre-installed by the manufacturer on a new Windows PC. It can take hours or even days to get all the pre-installed software removed from your new computer, but with this little freeware utility you can completely uninstall all the unneeded software.
Best of all, Decrap My Computer can do all the operations needed to remove bloatware on its own, without any user input! It even clicks the usual “Next” and various other confirmation buttons of most common software uninstallers.
See how it works!
This video shows Decrap My Computer removes all the pre-installed software of a brand new Acer Aspire V3 laptop. Notice that after the final confirmation box has been closed, there is zero user input, all the uninstallers are automatically run by the Decrap My Computer program!
About the author Mayur Agnihotri
Mayur Agnihotri has a Bachelors of Engineering from Information Technology. He got a number of Infosec Certifications, including C|EH – Certified Ethical Hacker , Cyber Security for Industrial Control Systems, Operational Security for Control Systems, Advanced Security In The Field, Basic Security In The Field.
Twitter : @I_AM_Mayur0021
Edited by Pierluigi Paganini
(Security Affairs – PC, security flaws)
Share On
