Security researchers from Pen Test Partners have found a privilege escalation vulnerability in the Lenovo Solution Centre (LSC) utility that's found on the majority of Lenovo’s Windows laptops. The bug could have allowed anyone with any sort of local or remote access to the machines to gain administrator privileges and take over the systems.
Eight-Year-Old Vulnerability
According to the researchers, the vulnerability has existed in Lenovo’s software since 2011. The vulnerability works only on Windows, so if you’ve already uninstalled the LSC utility, reinstalled a fresh version of Windows, or switched to Linux, it wouldn’t work anymore.
The PTP researchers explained that:
"The bug itself is a DACL (discretionary access control list) overwrite, which means that a high-privileged Lenovo process indiscriminately overwrites the privileges of a file that a low-privileged user is able to control. In this scenario, a low-privileged user can write a 'hardlink' file to the controllable location – a pseudofile which really points to any other file on the system that the low-privileged user doesn't have control of."
Lenovo Reportedly Tried to Hide the Bug
According to the PTP researchers, when they first reported the vulnerability to Lenovo, the company took the strange action of backdating the end-of-life (EOL) for the LSC tool. The EOL was initially listed as November 30, 2018, but then Lenovo moved it to April 2018, which was right after the PTP researchers revealed the bug to Lenovo.
The Register asked Lenovo why it was changing the EOL date "to make it look like they were releasing updates for a product they had already EOL'd." The company’s statement essentially confirmed that Lenovo was interested in making it look like they were updating a product that supposedly had already lost support:
"It’s often the case for applications that reach end of support that we continue to update the applications as we transition to new offerings is to ensure customers that have not transitioned, or choose not to, still have a minimal level of support, a practice that is not uncommon in the industry."
This isn’t the first time Lenovo has been caught either with spy tools or broken security on its laptops. It seems the company hasn’t improved all that much since the Superfish scandal broke out.