Skip to main content

Your Lenovo laptop may have a serious security flaw

Lenovo laptop on desk
Vlad Bagacian/Unsplash

Users of older Lenovo laptops should beware of a security flaw that may affect their PCs, particularly if their laptops are still running a program called Lenovo Solution Center.

According to Laptop Magazine, security researchers at Pen Test Partners have discovered a security vulnerability that could effectively “hand admin privileges over to hackers or malware.” And since the flaw affects Lenovo laptops that came pre-installed with the Lenovo Solution Center program, millions of older Lenovo laptops could be affected by the flaw. This is because Lenovo laptops had the program installed for years, from 2011 all the way to November 2018.

Recommended Videos

Pen Test Partners published its own post about the flaw on Thursday, August 22. In the post, PTP described the flaw as a “privilege escalation vulnerability” which allows the use of a DACL (discretionary access control list) overwrite bug and a “hardlink” (pseudo) file to let “the low-privileged user take full control of a file they shouldn’t normally be allowed to. This can, if you’re clever, be used to execute arbitrary code on the system with Administrator or System privileges.”

Lenovo issued its own security warning about the flaw on Tuesday, August 20. In this statement, Lenovo said that the flaw affected devices running Lenovo Solution Center version 03.12.003 and recommend that Lenovo users should go ahead and uninstall Lenovo Solution Center (which is no longer supported) and “migrate to Lenovo Vantage or Lenovo Diagnostics.” Lenovo’s security warning statement also included instructions on how to uninstall Lenovo Solution Center for devices running Windows 10, Windows 8, and Windows 7.

It’s also worth noting that in its post, Pen Test Partners also noted a discrepancy involving the actual end-of-life date for the Lenovo Solution Center program:

“Whilst Lenovo were responsive to my disclosure, when we reported this to them back in May, their LSC download page noted that the tool went end of life in November 2018…But just after their disclosure went out, we noticed they had changed the end-of-life date to make it look like it went end of life even before the last version was released. Their own vulnerability advisory states: ‘Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.’… yet the last release of LSC was on 15th October 2018 … Could it be a typo, or were Lenovo trying to cover their tracks? Misleading and strange.”

The Register asked Lenovo about the end-of-life date discrepancy and the laptop manufacturer responded with the following statement:

“It’s often the case for applications that reach end of support that we continue to update the applications as we transition to new offerings is to ensure customers that have not transitioned, or choose not to, still have a minimal level of support, a practice that is not uncommon in the industry.”

Digital Trends has reached out to Lenovo for comment, and we’ll update this article once we receive a response.

Anita George
Anita George has been writing for Digital Trends' Computing section since 2018. So for almost six years, Anita has written…
The strange laptop that finally took the idea of AI PCs seriously
Lenovo AI Twist PC.

There's been a lot of talk about AI PCs this year. But so far, it's been a lot of hype -- and not much else.

I've just returned from a trip to Berlin to see the best laptops at IFA powered by new chipsets from Intel, AMD, and Qualcomm. Alongside many new products launching soon, I saw a concept highlighting a distant future for computers and a vision of how useful AI could actually be.

Read more
AMD may have transformed this thin and light laptop into a gaming powerhouse
The Asus Zenbook S 16 sitting on a coffee table.

AMD has a new driver for its latest Ryzen AI 300 processors, and it introduces a feature that could provide a massive performance boost in games. It's called Variable Graphics Memory, or VGM, and it allows the integrated graphics to convert up to 75% of the memory in a system to dedicated graphics memory. This, according to AMD, can not only boost performance in games, but also make some otherwise unplayable titles boot.

The new Ryzen AI 300 processors are mostly found in thin and light laptops, including devices like the Zenbook S 16 that aren't targeted at gamers. In addition to VGM in the new driver, AMD also turned on its Fluid Motion Frames 2 (AFMF 2) feature for Ryzen AI 300 processors. With both features working in tandem, you can see the performance boost on the Zenbook S 16 below.

Read more
Lenovo’s new laptops have an Intel superpower
A Yoga Slim 7i on a red table.

Lenovo has announced two new laptops in partnership with Intel. Yes, they feature the new Core Ultra Series 2 chips, but it’s really the software that makes these laptops interesting. The laptops themselves are the ThinkPad X1 Carbon and Yoga Slim 7i, but they’re both tagged with an additional name: Aura Edition Imagined with Intel. I’m not sure what the name is supposed to connote, but laptops under this new line include a host of software features that were developed by Lenovo in partnership with Intel.

The most exciting of these is Smart Share, which allows for quick photo sharing between your phone and laptop with nothing more than a tap. Bumping the side of the laptop lid with your iPhone or Android phone will automatically bring up a smart share window displaying the photos in your mobile device.

Read more