Computer manufacturer Lenovo advises users to remove its software because it contains several vulnerabilities for which no update is available yet. The affected software is Lenovo Solution Center that is pre-installed on Lenovo computers running Windows 7, 8 and 10.
The software can be used to monitor the system's health and security. Three vulnerabilities in the application allow an attacker to remotely execute random code with administrator rights. The attack can be performed by tricking the user in visiting or opening a specially prepared webpage with malicious code when Solution Center is active.
The vulnerability was immediately disclosed by the security researcher who discovered it. Also a proof-of-concept of the attack was published. Lenovo has not released an update yet and therefore it's recommended to uninstall the Lenovo Solution Center software which fixes the vulnerabilities.
It's not the first time there are issues with Lenovo's software. The computer manufacturer shipped adware with their computers, installed rootkits, their update tool contained a backdoor and the Chinese computer manufacturer was caught when it installed tracking software on refurbished computers.
