Lenovo, Toshiba, and Dell Support Software App Flawed With Security Issues

Security flaws have been discovered in technical support apps installed by PC manufacturers, like Lenovo, Toshiba, and Dell. Lenovo Solution Center, Dell System Detect, and Toshiba Service Station have published the details of security errors. In Lenovo Solution Center, the most grave flaws are detected which could allow a nasty Web page to carry out codes on Windows-based Lenovo computers with system privileges.

Interestingly, it is a hacker who released a proof-of-concept exploit via online aliases slipstream and RoL. After the new findings by the hacker, the CERT Coordination Center at Carnegie Mellon University decided to issue a security advisory. Here, one issue is caused by the LSCTask Service, which runs with SYSTEM privileges and is developed by the Lenovo Solution Center. It opens an HTTP computer program on port 55555 to receive commands like Run Installer and execute files existed in the %APPDATA%\LSC\Local Store folder.  This directory can be written by any local user but files are executed as the SYSTEM account. It shows that a constrained user can develop the logic flaw to benefit complete system access. In addition, a directory traversal flaw can con the Lenovo Solution Center in order to implement code from arbitrary locations. This way, an attacker needn’t place files in the aforesaid Local Store folder.

It is likely that the LSCTask Service is susceptible to cross-site request forgery (CSRF) which is a method that a malicious website uses to pass on rogue requests through the user's browser. And to do so, an attacker doesn't need to have local access to an already installed system at the Lenovo Solution Center. It can also be used to con the user for the purpose of visiting a specially crafted Web page. Lenovo cleared that it is investigating the vulnerability report and will offer concrete solutions to offer the best possible solutions from Phone-help-desk.com expert team.

 The proof-of-concept exploits have also been published by Slipstream lower-impact, vulnerabilities related to Dell System Detect (DSD) and Toshiba Service Station. DSD is basically installed when the "Detect Product" button is clicked on Dell's support website. Here, TMachInfo is a flawed service that runs as SYSTEM and receives commands, like Reg.Read, via UDP port 1233. This command might be utilized for the purpose of reading most of the Windows registries.

"I have no idea what to do with it, but someone else might," says slipstream. According to slipstream, “the company implemented RSA-1024 signatures to authenticate commands, but put them in a place on its website where attackers can obtain them.”

People who are likely to get affected by the service can opt for laptop support service for Toshiba to make their laptops free from being attacked by possible security flaws.