Lumension® Endpoint Intelligence Center

Lenovo patches vulnerabilities in system update service

2015/05/06

Threatpost - (International) Security researchers from IOActive reported that Lenovo patched three vulnerabilities in April: a serious bug that allows least-privileged users to potentially run commands as a system administrator due to the use of a predictable authentication token; another in which an attacker could bypass signature validation by creating a fake certificate authority (CA) to swap out executables being downloaded by System Update; and a third in which local users could run commands as an administrator using a directory writeable by any user.

Source: https://threatpost.com/lenovo-patches-vulnerabilities-in-system-update-service/112647

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:15