Dell, Lenovo and Toshiba Utilities put PCs vulnerable to attacks, says researcher

In the case of vulnerabilities in OEM support utilities, computers are left wide open to attacks. Three manufacturers namely Toshiba, Dell and Lenovo, have unpatched vulnerabilities in their support services — the most ones being seen in the Solution Center of Lenovo.

The details were recently posted by a security researcher who goes by slipstream/RoL online along with OEMDrop, a proof-of-concept code.

As per CERT (Computer emergency response team), HTTP requests on Port 55555 are heard by LSCTask Service, which further has an association with LSCController.dll. It has methods that can post requests to the port and can be called with HTTP GET.

With LSCTask Service, an arbitrary code can be run in an open directory %APPDATA%\LSC\Local Store, with the help of RunInstaller, an LSCController method.

Owing to a directory traversal bug in the Solution Center, arbitrary files can be accessed on the drive having user profiles. If a malicious program is put on the hard drive’s location, wherein the software is being run, it can be run with the same privileges.

LSCTask Service has a vulnerability to an attack named CSRF or Cross-Site Request Forgery. It means that web content crafted maliciously can send commands to that service.

With the vulnerabilities mentioned above, arbitrary code can be remotely executed on the system having a malicious web page. Lenovo suggests that for dealing with these vulnerabilities, removing Service Center from the system is a good idea.

It continues with the System Detect Ability of Dell. As per the comment, arbitrary code of System Detect can be forcefully run on a system having administrator privileges. It is possible with a token that is available to download from the website of Dell.

According to this functionality, product manuals can be downloaded and installed for running other executables.

Even the vulnerability of Toshiba is severe. The Service Station tool of the company has a vulnerability to attacks, through which arbitrary registry values and keys can be created.

TMachInfo runs with system privileges and communication with the services is done with the help of XML. Those calls can be intercepted with this attack, and the response is given with text-formatted registry patch files for making changes.

Update: We came to know from Lenovo that they have already patched the vulnerabilities, and updates are available to download on the official website. 

About the author

Mary Woods

Mary is a passionate tech enthusiast with over 4 years of experience in writing about global technological advancements. Currently based in Miami, she has a deep interest in all things tech and is particularly drawn to the wonders of the modern internet. Writing about the latest technological trends online is not just her expertise but also her hobby. Mary’s dedication to exploring and sharing the latest in technology makes her a key contributor to PC-Tablet.com, where she brings her insights and enthusiasm to every article she writes.

Add Comment

Click here to post a comment

Web Stories

5 Best Projectors in 2024: Top Long Throw and Laser Projectors for Every Budget 5 Best Laptop of 2024 5 Best Gaming Phones in Sept 2024: Motorola Edge Plus, iPhone 15 Pro Max & More! 6 Best Football Games of all time: from Pro Evolution Soccer to Football Manager 5 Best Lightweight Laptops for High School and College Students 5 Best Bluetooth Speaker in 2024 6 Best Android Phones Under $100 in 2024 6 Best Wireless Earbuds for 2024: Find Your Perfect Pair for Crystal-Clear Audio Best Macbook Air Deals on 13 & 15-inch Models Start from $149