Solution Centre WONTFIX amid EOL date shenanigans
Not only has a vulnerability been found in Lenovo Solution Centre (LSC), but the laptop maker fiddled with end-of-life dates to make it seem less important – and is now telling the world it EOL'd the vulnerable monitoring software before its final version was released.
The LSC privilege-escalation vuln (CVE-2019-6177) was found by Pen Test Partners (PTP), which said it has existed in the code since it first began shipping in 2011. It was bundled with the vast majority of the Chinese manufacturer's laptops and other devices, and requires Windows to run. If you removed the app, or blew it away with a Linux install, say, you're safe right now.
"The bug itself is a DACL (discretionary access control list) overwrite, which me ..
Support the originator by clicking the read the rest link below.
