Lenovo has fixed two high-severity vulnerabilities in the Lenovo Solution Center support tool that is preinstalled on many laptop and desktop PCs. The flaws could allow attackers to take over computers and terminate antivirus processes.
Lenovo Solution Center (LSC) allows users to check their system's virus and firewall status, update their Lenovo software, perform backups, check battery health, get registration and warranty information and run hardware tests.
The two new vulnerabilities, tracked as CVE-2016-5249 and CVE-2016-5248 in the Common Vulnerabilities and Exposures database, were found by security researchers from Trustwave. They affect LSC versions 3.3.002 and earlier.