Last year, Lenovo was in some big trouble when the company was caught installing adware on its computers. Now, a new issue may put your Lenovo PC at risk caused by the Lenovo Solution Centre (LSC). The software comes pre-installed with most Lenovo PCs, and it includes a vulnerability which could allow anyone to execute arbitrary code if they have access to your local network, according to researchers from Trustwave SpiderLabs. Karl Sigler, a security searcher at SpiderLabs stated:
“This is a pretty bad vulnerability, but it does require an existing user to be logged in in order to pull off any attack. For a malicious insider or for an attacker that already has a foothold in the network, this vulnerability could be used to make that foothold a full gateway to your network”
Thankfully though, Lenovo has released a patch for this issue – however, you will need to download the patch from the company’s support website here. In a statement to Threatpost, a Lenovo spokesperson stated:
“In keeping with industry best practices, Lenovo moved rapidly to ready a fix and on April 26 it updated its security advisory disclosing this additional vulnerability and the availability of a fix that addressed it”
Security issues like this continue to put users at risk as OEMs like Lenovo, Dell and Toshiba are still shipping devices with security flaws. If you really want to get a bloat-free, more secure experience from your new Windows PC, you should probably buy the Signature Edition devices from the Microsoft Store. However, if you choose to buy it directly from OEMs, you should probably clean install Windows after picking up a new PC.