Skip to main content
close search
site logo
Dive Brief

Lenovo fixes third vulnerability in less than six months

Published Dec. 1, 2015
By
Contributing Editor
Flickr user Vernon Chan

Dive Brief:

  • Security problems made Lenovo need to update one of the tools preloaded on its PCs for the third time in less than six months.

  • The company put out a new tool last week that aids users in ensuring their computers' drivers and BIOS are updated.

  • IOActive researchers found two local privilege escalation vulnerabilities, which are now fixed.

Dive Insight:

One vulnerability let limited Windows accounts users to begin an instance of Internet Explorer and have administrative privileges by clicking on help page URLs

"From there, an unprivileged attacker has many ways to exploit the web browser instance running under Administrator privileges to elevate his or her own privileges to Administrator or SYSTEM," according to Sofiane Talmat, an IOActive security researcher.

As for the second, "It is possible for an attacker to regenerate the same username based on the time the account was created," Talmat added.

Lenovo already issued two other security fixes this year, in July and October.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Cloudbeds unveils industry’s first ‘smart hospitality engine’, powered by causal and multimoda…
From Cloudbeds
October 23, 2024
Newgen Recognized in Gartner® Magic Quadrant™ for Enterprise Low-code Application Platforms Fi…
From Newgen Software
October 30, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell