Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Vulnerabilities found in Lenovo, Toshiba, Dell support software

Lucian Constantin | Dec. 8, 2015
Security flaws pile up in support applications installed by PC manufacturers.

"I have no idea what to do with it, but someone else might," slipstream wrote in the exploit comments.

The flaw in DSD apparently stems from the way Dell attempted to fix a previous vulnerability. According to slipstream, the company implemented RSA-1024 signatures to authenticate commands, but put them in a place on its website where attackers can obtain them.

These can be used as a crude bypass method for Windows' User Account Control (UAC). In this context, the bypass means that "if DSD isn't elevated, we annoy the user with elevation requests until they click yes," the hacker said.

This is not the first time when vulnerabilities have been found in support tools installed on Lenovo or Dell computers.

Toshiba and Dell did not immediately respond to a request for comment.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.