More vulnerabilities found pre-installed in popular PC models

Dive Brief:

New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.
The most serious flaws appear to be in Lenovo Solution Center.
Last week, security issues forced Lenovo to update one of the tools preloaded on its PCs for the third time in less than six months.

Dive Insight:

The latest flaws were discovered by a hacker and prompted the CERT Coordination Center at Carnegie Mellon University to publish a security advisory.

The Lenovo issue is the most significant, and is caused by the LSCTaskService, which is created by the Lenovo Solution Center and runs with SYSTEM privileges. Lenovo said that it is currently investigating the vulnerability and will provide a fix soon. Until then, concerned users can uninstall the Lenovo Solution Center, the company said.

Two other, lower-impact, vulnerabilities were also exposed -- one in the Toshiba Service Station and one in Dell System Detect.

This is not the first time vulnerabilities have been found in support tools installed on Lenovo or Dell computers. Lenovo already issued two other security patches this year -- one in July and one in October.