Several security experts working at Pen Test Partners have found a privilege escalation vulnerability in Lenovo Solution Center, software that was created back in 2011. The affected version is 03.12.003, and it is no longer supported by the company. The flaw allows log files to be overwritten to new locations. This could lead to privilege escalation and, of course, to access to data by outside attackers.
A Performance Issue 8 Years in the Making
With Lenovo ending all support for Lenovo Solution Center back in 2018, the company recommended that customers migrate their data to Lenovo Vantage or Lenovo Diagnostics. Lenovo has dismissed the discovery as something affecting a minority of devices, since it no longer supports these models. The vulnerability has been assigned the identifier CVE-2019-6177. The escalation path offered by this flaw existed for a very long time, and it is nearly impossible to track down just how many people have been affected by it to this day.
According to Pen Test Partners, what makes the issue more serious is the fact that every single Lenovo device shipped back then with a Windows OS had the same problem. The flaw centres on a DACL (Discretionary Access Control List), the list that controls who may access a file. The bug is able to overwrite the access privileges of any file that the main user is able to control. In this setting, another user can use a hard link to reroute the location. This is nothing more than an alternate path of access to data on the system that the new user does not otherwise have access to.
The Procedure to Have Full Access to Your Files on a Lenovo Device
The procedure to gain access is as simple as adding a new task in Lenovo Solution Center, in the section \Lenovo\Lenovo Solution Center Launcher. This would grant the primary user's privileged access to a new user. When the task is created by the LSC, it will run a file named “LSC.Services.UpdateStatusService.exe” ten minutes after the main user accesses the device. The executed file will overwrite the DACL of the logs folder on the device. It will give whoever accesses it complete authenticated access, with full privileges to read and modify whatever is in it. As you can guess, this is the equivalent of handing a blank check to a signature forger.
So far, the only fix Lenovo has provided is asking users to uninstall Lenovo Solution Center. The company asks long-time users to install Lenovo Vantage or Lenovo Diagnostics, since they have the same functions. Pen Test Partners remains critical of the glitch and maintains that this opening existed for far too long for the company not to have known about it. The fact that Lenovo retired the service for new versions back in 2018 suggests that it probably didn’t care enough to do something to amend the situation.
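To check whether a machine still needs that uninstall, the following added example (not code from Lenovo or Pen Test Partners) looks for the scheduled task named above and audits a logs folder for broad write access and multiply-linked files. It assumes the task string splits into folder `\Lenovo\` plus task name, and the function name and `-LogDir` parameter are hypothetical because the article does not give the folder's path.

```powershell
# Added example: audit a host for the conditions the article describes.
function Test-LscExposure {
    param(
        # Hypothetical parameter: path of the LSC logs folder (not stated in the article).
        [Parameter(Mandatory)][string]$LogDir
    )
    $report = [ordered]@{
        TaskPresent = $false; TaskActions = @(); BroadWriteAces = @(); MultiLinkFiles = @()
    }

    # Assumption: "\Lenovo\Lenovo Solution Center Launcher" = task folder + task name.
    $task = Get-ScheduledTask -TaskPath '\Lenovo\' -TaskName 'Lenovo Solution Center Launcher' `
                              -ErrorAction SilentlyContinue
    if ($task) {
        $report.TaskPresent = $true
        # Shows what the task launches, e.g. LSC.Services.UpdateStatusService.exe
        $report.TaskActions = @($task.Actions | ForEach-Object { $_.Execute })
    }

    if (Test-Path -LiteralPath $LogDir -PathType Container) {
        # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
        $broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
        # Write-type rights, plus the raw GENERIC_WRITE / GENERIC_ALL bits (0x50000000)
        $mask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000
        $rules = (Get-Acl -LiteralPath $LogDir).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        $report.BroadWriteAces = @($rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broad -contains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights -band $mask) -ne 0)
        } | ForEach-Object { '{0}: {1}' -f $_.IdentityReference.Value, $_.FileSystemRights })

        # A log file with more than one name is a hard link to something else.
        $report.MultiLinkFiles = @(
            Get-ChildItem -LiteralPath $LogDir -File -Recurse -ErrorAction SilentlyContinue |
            Where-Object { @(fsutil hardlink list $_.FullName 2>$null).Count -gt 1 } |
            ForEach-Object FullName)
    }
    [pscustomobject]$report
}

# Placeholder path: substitute the real logs folder on the machine being checked.
Test-LscExposure -LogDir 'C:\path\to\LSC\logs'
```

A result with `TaskPresent` true, or any entry in `BroadWriteAces` or `MultiLinkFiles`, marks a machine where Lenovo Solution Center should be removed and the folder's permissions reviewed.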