Security vulnerabilities found in support software from Lenovo, Toshiba, and Dell

By | PCWorld

The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.

The most serious flaws appear to be in Lenovo Solution Center and could allow a malicious Web page to execute code on Lenovo Windows-based computers with system privileges.

The flaws were discovered by a hacker who uses the online aliases slipstream and RoL and who released a proof-of-concept exploit for them last week. This prompted the CERT Coordination Center at Carnegie Mellon University to publish a security advisory.

One of the issues is caused by the LSCTaskService, which is created by the Lenovo Solution Center and runs with SYSTEM privileges. This service opens an HTTP daemon on port 55555 that can receive commands. One of those commands is called RunInstaller and executes files placed in the %APPDATA%\LSC\Local Store folder.

Any local user can write to this directory, regardless of their privilege, but the files are executed as the SYSTEM account. This means that a restricted user can exploit the logic flaw to gain full system access.

Furthermore, there is a directory traversal flaw that can be exploited to trick the Lenovo Solution Center to execute code from arbitrary locations, so an attacker doesn’t even need to place files in the aforementioned Local Store folder.

Finally, the LSCTaskService is vulnerable to cross-site request forgery (CSRF), an attack method through which a malicious website can relay rogue requests through the user’s browser. This means that, in order to exploit the previous two flaws, an attacker doesn’t even need local access to the system where the Lenovo Solution Center is installed and can simply trick the user into visiting a specially crafted Web page.

In a security advisory on its website, Lenovo said that it is currently investigating the vulnerability report and will provide a fix as soon as possible. Until then, concerned users can uninstall the Lenovo Solution Center in order to mitigate the risk, the company said.
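A host-side exposure check for the conditions described above, added here as an example; it is not code from Lenovo, the researcher, or CERT. It assumes the Windows service is registered as LSCTaskService, that the daemon listens on TCP port 55555 and that the staging folder is %APPDATA%\LSC\Local Store, all as the article states; it only reports and sends nothing to the service.

```powershell
# Added exposure check, not code from Lenovo, the researcher, or CERT.
# Assumes: Windows service name "LSCTaskService", command daemon on TCP 55555,
# staging folder "$env:APPDATA\LSC\Local Store" (all as named in the article).
function Test-LscExposure {
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'LSCTaskService',
        [int]$Port = 55555,
        [string]$StorePath = (Join-Path $env:APPDATA 'LSC\Local Store')
    )
    $r = [ordered]@{
        ServiceInstalled = $false; ServiceRunning = $false
        PortListening    = $false; ListenerAddress = $null; ListenerPid = $null
        StoreExists      = $false; StagedFiles = @()
        Recommendation   = 'Lenovo Solution Center not detected'
    }

    # 1. Is the SYSTEM-level task service present and running?
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($svc) {
        $r.ServiceInstalled = $true
        $r.ServiceRunning   = ($svc.Status -eq 'Running')
    }

    # 2. Is anything listening on the command port, and on which address?
    #    A 0.0.0.0 bind is reachable from the LAN, not only from a local browser.
    $conn = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
    if ($conn.Count -gt 0) {
        $r.PortListening   = $true
        $r.ListenerAddress = ($conn.LocalAddress | Select-Object -Unique) -join ', '
        $r.ListenerPid     = ($conn.OwningProcess | Select-Object -Unique) -join ', '
    }

    # 3. What has been staged in the folder the RunInstaller command executes from?
    #    Useful for triage: anything here ran, or could run, as SYSTEM.
    if (Test-Path -LiteralPath $StorePath) {
        $r.StoreExists = $true
        $r.StagedFiles = @(Get-ChildItem -LiteralPath $StorePath -File -Recurse -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty FullName)
    }

    if ($r.ServiceInstalled -or $r.PortListening) {
        # The mitigation the article reports: remove the tool until a vendor fix ships.
        $r.Recommendation = 'Exposed: uninstall Lenovo Solution Center pending a vendor fix'
    }
    [pscustomobject]$r
}

Test-LscExposure | Format-List
```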

Slipstream also published proof-of-concept exploits for two other, lower-impact, vulnerabilities—one in the Toshiba Service Station and one in Dell System Detect (DSD), a tool that users are prompted to install when they click the “Detect Product” button on Dell’s support website.

The Toshiba Service Station application creates a service called TMachInfo that runs as SYSTEM and receives commands via UDP port 1233 on the local host. One of those commands is called Reg.Read and can be used to read most of the Windows registry with system privileges, according to the hacker.

“I have no idea what to do with it, but someone else might,” slipstream wrote in the exploit comments.

The flaw in DSD apparently stems from the way Dell attempted to fix a previous vulnerability. According to slipstream, the company implemented RSA-1024 signatures to authenticate commands, but put them in a place on its website where attackers can obtain them.

These can be used as a crude bypass method for Windows’ User Account Control (UAC). In this context, the bypass means that “if DSD isn’t elevated, we annoy the user with elevation requests until they click yes,” the hacker said.

This is not the first time vulnerabilities have been found in support tools installed on Lenovo or Dell computers.

Toshiba and Dell did not immediately respond to a request for comment.

The harmful code recently found on Lenovo machines is now surfacing in other apps

As we previously reported, Lenovo apparently pre-loaded a number of its machines with Superfish adware along with other malicious code. The appearance of the potentially harmful software was not only shocking to many, but also prompted researchers to look around to see if the adware (or similar code) had made it to other places it shouldn’t have.

Based on recent data, that appears to be the case, with at least two other firms reported to have affected apps out in the wild. This dirty code, which was spotted by researcher Filippo Valsorda, causes devices to accept any old self-signed certificate from sites, obviously causing serious privacy and security issues in the process. Valsorda noted that code of this nature can be found in the Ad-aware Web Companion anti-virus/privacy software from a company known as Lavasoft and within another ad-focused privacy app called PrivDog from Comodo.

Both occurrences expose users to the serious potential of man-in-the-middle attacks and leave personal data up for the taking, not to mention the negative effect it will have on both companies. Comodo is generally trusted on the internet with regard to certificate management, though that may not be the case for long.

While Lenovo has since acknowledged the issues surrounding the Superfish adware on its machines by offering its own removal tool, there is still no word from Lavasoft or Comodo on the latest findings. Microsoft has also updated Windows Defender so that it will detect and remove Superfish adware on its own.

via The harmful code recently found on Lenovo machines is now surfacing in other apps – TechSpot.

Lenovo recalls dangerous laptop batteries citing fire hazard

Affected battery packs can be identified through their part number, starting with the fourth digit on a white sticker below the bar code. The identifiable numbers are 42T4695, 42T4711, 42T4798, 42T4804, 42T4812, 42T4822, 42T4828, 42T4834, 42T4840 and 42T4890.

Alternatively, you can also head over to this web page to find out whether your battery is being recalled. Just call the phone numbers provided on the web page to order replacements, which the company claims will ship in three business days.

As of now, no human injury has been reported, but the company did receive a couple of reports of the battery packs overheating, resulting in damages to the laptops and to property. Until a replacement battery arrives, the company is advising users to turn off the system, remove the battery, and only power their ThinkPad by plugging in the AC adapter and power cord.

via Lenovo recalls dangerous laptop batteries citing fire hazard – TechSpot.

PC sales continue to plunge, but the drop is less steep

The PC market moved into its sixth straight quarter of declining sales, analysts reported on Wednesday, although the dip was less pronounced than one firm expected.

Market research firm Gartner reported that third-quarter PC sales dipped by 8.6 percent to 80.3 million units for the July-to-September quarter. IDC, with its own report, said the drop was 7.6 percent to 81.6 million units; the firm had previously projected a worldwide decline of 9.5 percent.

Normally, the third quarter marks the beginning of the upswing for the PC market, as students and educators invest in new hardware during the so-called back-to-school buying season. But sales apparently failed to materialize, an indication either that students are turning more to tablets or that they were simply still using notebooks they had bought previously. On the other hand, emerging product categories and a greater assortment of Windows 8-based models pushed sales volumes slightly higher, IDC reported, as did the migration from Windows XP to Windows 7.

“Consumers’ shift from PCs to tablets for daily content consumption continued to decrease the installed base of PCs both in mature as well as in emerging markets,” Mikako Kitagawa, principal analyst at Gartner, said in a statement. “A greater availability of inexpensive Android tablets attracted first-time consumers in emerging markets and as supplementary devices in mature markets.”

Rajani Singh, an analyst with IDC, noted that the U.S. market was essentially flat at 0 percent growth, helped by Chromebooks and what the company called “ultraslim” devices.

“Whether constrained by a weak economy or being selective in their tech investments, buyers continue to evaluate options and delay PC replacements,” Loren Loverde, an analyst with IDC added. “Despite being a little ahead of forecast, and the work that’s being done on new designs and integration of features like touch, the third quarter results suggest that there’s still a high probability that we will see another decline in worldwide shipments in 2014.”

[Chart: IDC PC Sales Q3 2013] According to IDC, Lenovo led the pack of PC vendors for global sales during the third quarter.

Both Gartner and IDC said that Lenovo had again edged out rival Hewlett-Packard for a second straight quarter, with Lenovo showing a 2.8 percent increase in unit sales to 14.1 million units. HP and Dell also demonstrated 1.5 percent and 1.0 percent growth, respectively. But Acer’s sales plunged 22.6 percent, followed closely by Asus, with a 22.5 percent decline in shipments. However, both Acer and Asus have shifted their focus towards the tablet market, Gartner said.

Lenovo’s market share is 17.6 percent, followed closely by HP, at 17.1 percent, Gartner found. Dell, Acer, and Asus make up 11.6 percent, 8.3 percent, and 6.1 percent, respectively.

[Chart: IDC PC Sales Q3 2013] HP was the top PC vendor in the U.S. during the third quarter.

According to Gartner, HP was the top U.S. PC vendor, with a 26.9 percent market share. Dell (21.0 percent) and Apple (13.4 percent) followed, then Lenovo (10.5 percent) and Toshiba (7.0 percent). Apple was the only vendor among the top five to record a drop in shipments, down 2.3 percent.

IDC largely agreed with Gartner’s numbers (as shown in the above chart), although the firm said that Acer and Asus recorded a steeper drop in shipments.

Both IDC and Gartner typically release tablet sales as part of a separate report, which will provide more insight into how the overall market will fare.

So far, the promise of Windows 8.1 has failed to ignite the PC market, as has the new “Haswell”-based notebooks from Intel’s PC partners. Will the fourth quarter show some signs of life, as Microsoft has predicted? So far, the best news is that it looks less gloomy than predicted. And that isn’t saying much.

via PCWorld

IBM’s x86 exit may shake up market and rivals

IBM’s reported interest in selling parts of its x86 server business to Lenovo may bring major changes to the global market.

IBM is the third-largest seller of x86 servers by factory revenue, with 15.7 percent of the global market in 2012, according to IDC. That represents $5.6 billion for a company that earned $104.5 billion in revenue last year.

IBM’s share of the x86 server segment has declined over the last several years. In 2010, it had 17.4 percent of the market and $5.5 billion in revenue.

By divesting at least part of its x86 server line, IBM gains additional investment dollars that it can spend on its higher-margin efforts, especially analytics and business intelligence, putting more pressure on rivals in those areas.

Lenovo, which is on its way to becoming the world’s top PC vendor, may gain more than an x86 server line. It may also get, as part of any deal, IBM executive talent and capability to reach North American customers served today by Hewlett-Packard and Dell, said Richard Fichera, an analyst at Forrester.

“No Asian company has figured out to date how to sell to North American enterprises,” Fichera said.

But there is no guarantee that Lenovo will be able to keep and expand on IBM’s x86 server market share. It could lose it as well.

“Anytime there is a shift in players, there is always an opportunity to shift market share,” said Jean Bozman, an analyst at IDC.

Analysts don’t believe IBM will divest all of its x86 systems. It is expected to keep its new integrated systems, its PureSystems, which have been engineered for specific tasks, such as business intelligence and data analysis.

The only unexpected part of an IBM divestiture is the timing. The company has already sold its PC business to Lenovo and exited the hard disk drive and printer manufacturing businesses.

“IBM has never been shy about divesting businesses,” said Charles King, an analyst at Pund-IT. And as with the PC, printer and disk drives, the low-end x86 server market “is heading further and further into commodity territory.”

Ginni Rometty, IBM’s CEO, appears as interested in jettisoning commodities as her predecessors.

Richard Partridge, a Gartner analyst, said that in IBM’s most recent annual report Rometty makes clear that the firm has no interest in being a commodity seller. “Ours is a different choice: The path of innovation, reinvention and shift to higher value,” she wrote.

For IBM’s x86 customers, Partridge’s advice is to sit tight. It will take months for any divestiture to complete. “Once details become clear, then customers can ask how well the different x86 servers integrate with other IBM server lines,” he said.

via IBM’s x86 exit may shake up market and rivals | PCWorld.