Skip to main content

Your Lenovo laptop may have a serious security flaw

Lenovo laptop on desk
Vlad Bagacian/Unsplash

Users of older Lenovo laptops should beware of a security flaw that may affect their PCs, particularly if their laptops are still running a program called Lenovo Solution Center.

According to Laptop Magazine, security researchers at Pen Test Partners have discovered a security vulnerability that could effectively “hand admin privileges over to hackers or malware.” And since the flaw affects Lenovo laptops that came pre-installed with the Lenovo Solution Center program, millions of older Lenovo laptops could be affected by the flaw. This is because Lenovo laptops had the program installed for years, from 2011 all the way to November 2018.

Pen Test Partners published its own post about the flaw on Thursday, August 22. In the post, PTP described the flaw as a “privilege escalation vulnerability” which allows the use of a DACL (discretionary access control list) overwrite bug and a “hardlink” (pseudo) file to let “the low-privileged user take full control of a file they shouldn’t normally be allowed to. This can, if you’re clever, be used to execute arbitrary code on the system with Administrator or System privileges.”

Lenovo issued its own security warning about the flaw on Tuesday, August 20. In this statement, Lenovo said that the flaw affected devices running Lenovo Solution Center version 03.12.003 and recommend that Lenovo users should go ahead and uninstall Lenovo Solution Center (which is no longer supported) and “migrate to Lenovo Vantage or Lenovo Diagnostics.” Lenovo’s security warning statement also included instructions on how to uninstall Lenovo Solution Center for devices running Windows 10, Windows 8, and Windows 7.

It’s also worth noting that in its post, Pen Test Partners also noted a discrepancy involving the actual end-of-life date for the Lenovo Solution Center program:

“Whilst Lenovo were responsive to my disclosure, when we reported this to them back in May, their LSC download page noted that the tool went end of life in November 2018…But just after their disclosure went out, we noticed they had changed the end-of-life date to make it look like it went end of life even before the last version was released. Their own vulnerability advisory states: ‘Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.’… yet the last release of LSC was on 15th October 2018 … Could it be a typo, or were Lenovo trying to cover their tracks? Misleading and strange.”

The Register asked Lenovo about the end-of-life date discrepancy and the laptop manufacturer responded with the following statement:

“It’s often the case for applications that reach end of support that we continue to update the applications as we transition to new offerings is to ensure customers that have not transitioned, or choose not to, still have a minimal level of support, a practice that is not uncommon in the industry.”

Digital Trends has reached out to Lenovo for comment, and we’ll update this article once we receive a response.

Editors' Recommendations

Anita George
Anita has been a technology reporter since 2013 and currently writes for the Computing section at Digital Trends. She began…
Bing Chat just beat a security check to stop hackers and spammers
A depiction of a hacker breaking into a system via the use of code.

Bing Chat is no stranger to controversy -- in fact, sometimes it feels like there’s a never-ending stream of scandals surrounding it and tools like ChatGPT -- and now the artificial intelligence (AI) chatbot has found itself in hot water over its ability to defeat a common cybersecurity measure.

According to Denis Shiryaev, the CEO of AI startup, chatbots like Bing Chat and ChatGPT can potentially be used to bypass a CAPTCHA code if you just ask them the right set of questions. If this turns out to be a widespread issue, it could have worrying implications for everyone’s online security.

Read more
Update your Apple devices now to fix these dangerous exploits
A person using a laptop with a set of code seen on the display.

If you’re an Apple user -- whether you have a Mac, an iPhone, an iPad, or an Apple Watch -- you need to update your devices as soon as possible. That’s because Apple has discovered three actively exploited vulnerabilities that could cause your devices serious harm, and the patches are already out to fix them.

One of the bugs was found in Apple’s Security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug concerns the WebKit browser engine and could grant a threat actor the ability to run arbitrary code when a victim views a certain web page.

Read more
I review gaming laptops professionally — these are the only two you should buy in 2023
Cyberpunk 2077 on the Lenovo Legion Pro 5.

I'm not going to lie: There are a lot of great gaming laptops out there. There are so many options, in fact, that it's hard to narrow it down to a couple that truly stand out from the pack.

Even recognizing that, there are two main laptops I recommend when someone asks me directly which gaming laptop they should buy. That doesn't mean other gaming laptops are bad, but these two hit the budget and performance requirements that most people are looking for in a way few other laptops can match.
Lenovo Legion Pro 5

Read more