Thursday, December 10, 2015

The software pre-installed in PCs are a source of trouble here as – ictBusiness

They should solve problems, instead They can unwittingly create. The software pre-installed on the PC – Toshiba, Lenovo and Dell are the producers called into question – can open the door to attacks cbybercriminali. The matter had already spoken several times, in the summer for the case of Superfish and Lenovo computers put at risk, and then more recently in reference to Dell and two certificates unsafe, and again in reference to Lenovo. In summary, as the case the risk lay in the possibility that a criminal expert could average get administrator privileges , or persuade a user to visit a web page that the browser is not recognized as suspicious.

In common, these different episodes have the mechanism by which a cyber criminal attack can be generated from a legitimate software, preinstalled on your PC . A risk factor, then, is not tied to any little cautious behavior by the user, as might be the choice of downloading an application is not verified. In recent months, both Dell, Lenovo has released their corrective software or detailed procedures to remove them from the PC.

Now, however, a user presented himself online under the name of slipstream / RoL has reached a new alert: million PCs from Dell, Lenovo and Toshiba would be vulnerable to exploit its home of some software pre-installed on many of their models. You slipstream / RoL has, in fact, the published proof-of-concept attack exploits feasible to terminals with preinstalled Lenovo Solution Center utility (version 3.1.004 and earlier), with the software on Dell computers Dell System Detect (6.12.0.1 and earlier versions) and Toshiba models by applying Service Station (versions 2.6.14 and above).

And some gesture to publish on the Web demonstration of the exploit before having advised Dell, Toshiba and Lenovo does not help neither users nor the vendors themselves, but rather puts more a flea in his ear to attackers who could start work before the release of any corrective software.

In the case of Lenovo, the application Solution Center contains vulnerabilities that allow to obtain administrator privileges or even system. A hacker, therefore, could tamper with a PC running arbitrary code, or infect through Web pages or e-mail attachments. As pointed out by Cert (Computer Emergency Readiness Team) at Carnegie Mellon University, the different vulnerabilities can be exploited as long as the user has launched at least once the application Lenovo Solution Center. Some also are active only if the software is running. Lenovo is still put to work for an update package that solves the problem, and has since advised to remove the program from its ThinkPad, IdeaPad, ThinkCenter, and IdeaCenter ThinkState.

As for Dell, the ‘offending application is pre-installed software that interacts with the Dell Support to improve and personalize the customer support service. According to slipstream / RoL, 6.12.0.1 and earlier versions of Dell System can allow a cybercriminal to bypass the Windows User Account Control and gain administrator privileges. In this case, the simple uninstall does not protect against the risks: in addition to remove it from the PC, it should be included in the blacklist executable DellSystemDetect.exe. In recent weeks, however, the Texas company had already explained how to remove two certificates at risk, and eDellroot DSDTestProvider.

The Board to eliminate from the PC program also applies to the Toshiba Service Station , which is made to look for automatic software updates and alerts that affect a specific model Pc. Also in this case, the vulnerabilities allow a possible attacker to gain higher privileges to the user level.

LikeTweet

No comments:

Post a Comment