Wednesday, December 9, 2015

Vulnerabilities in software for remote technical support – Software

In recent days, reports have followed one another about the discovery of several vulnerabilities in the technical support software installed on computers marketed by different manufacturers.

The researchers have, for example, pointed the finger at Lenovo Solution Center, Toshiba Service Station and Dell System Detect.

In the case of Lenovo Solution Center, a remote attacker may even execute malicious code on the victim's machine (with SYSTEM privileges) simply by setting up a crafted web page and urging the user to visit it.


The Lenovo Solution Center support software in fact suffers from at least three vulnerabilities that would allow code to be executed even from arbitrary memory locations and that can be exploited by a malicious web page by sending "ad hoc" requests to the browser (a CSRF vulnerability; see, in this regard, the articles "XSS and CSRF attacks: what they are" and "DNS changed on the router and redirects to malicious pages: how to fix").

Lenovo engineers have, for the time being, stated that they are at work investigating the problem (see this official note).
Meanwhile, users can uninstall Lenovo Solution Center using the application management tool built into Windows (Programs and Features).

The Toshiba Service Station software, for its part, opens a UDP port on the local system and waits for commands. A user can send specific requests to access the contents of the Windows registry, acting with SYSTEM rights.

The presence of the Dell System Detect software, in turn, could be exploited by an attacker as a mechanism to "bypass" the operating system's UAC feature.
