
Lenovo System Update Privilege Escalation

Q: Lenovo System Update Privilege Escalation

Lenovo Security Advisory: LEN-2015-011
Potential Impact: Execution of arbitrary code
Severity: Medium

Multiple vulnerabilities have been identified within Lenovo System Update (previously known as ThinkVantage System Update). Lenovo has released a new version of the Lenovo System Update software that addresses these vulnerabilities.

Lenovo System Update validates all system update files as they are downloaded from the Lenovo servers. However, if the local system contains malware, it is possible that the downloaded updates could be altered before installation creating a race condition. The latest Lenovo System Update release eliminates this possibility.

Lenovo System Update uses a service called SUService.exe to run system updates. As part of the authentication and validation process the service only accepts commands if a valid security token is passed along with the command. Vulnerabilities were discovered on how the security tokens were generated allowing an attacker to run commands. The latest Lenovo System Update release fixes the token authentication flaws.
Other security issues were also addressed in this update.
Mitigation Strategy for Customers (what you should do to protect yourself):
Starting from April 1, 2015, run Lenovo System Update and install the latest version of the application, version 5.06.0034 or later. You can determine the currently installed version by opening Lenovo System Update, clicking on the green question mark in the top right corner and then selecting "About."
Steps to update:
Lenovo System Update automatically checks for a later version whenever the application is run. Click OK when prompted that new version is available.
To manually update, download the latest version from the following URL.

Product Impact:
The following products may be impacted:

All ThinkPad
All ThinkCentre
All ThinkStation
Lenovo V/B/K/E Series
Lenovo would like to thank Michael Milvich and Sofiane Talmat of IOActive for reporting these issues.

Other information and references:

CVE ID: CVE-2015-2219, CVE-2015-2233, CVE-2015-2234
IOActive | Labs | Advisories

Source: https://support.lenovo.com/us/en/pro.../lsu_privilege


A: Lenovo System Update Privilege Escalation

Bundleware/ Crapware: This is why I do a clean install on a brand new PC.

Read other 1 answers

Latest, and possibly earlier builds, of the PavTPK.sys kernel mode driver of Panda Security software suffers from a heap overflow bug that allows any user to elevate their privileges through an IOCTL request and execute code as SYSTEM by controlling the EIP via a corrupted kernel object.

Upon unsuccessful exploitation the system will crash with a BSoD.
This driver is loaded into kernel memory during boot time and stays resident without touching the disk later.

All Panda Security products using the faulty driver were found to be vulnerable.


A:Privilege Escalation in Panda Security

22/07/2014 Fix confirmed

Read other 1 answers

I have been investigating on the privilege escalation vulnerability when we use methods of named pipe. This vulnerability is reported for Windows Server 2000 as per bulletin - Microsoft Security Bulletin MS00-053 - Critical and Windows Server 2008 as per bulletin - Microsoft Security Bulletin MS10-059 - Important.

The similar vulnerability is also reported for Windows Server 2012 in bulletin - Microsoft Security Bulletin MS15-050 - Important. I just want to make sure that, whether the vulnerability identified for Windows Server 2012 is also due to use of the CreateNamedPipe method and impersonation or due to some different reason.
If this vulnerability mentioned in the bulletin - Microsoft Security Bulletin MS15-050 - Important, is not related to Named Pipe, then is there other vulnerability with Named pipe which leads to privileges escalation?


Read other answers

Versions 5.0 - 7.0 of ESET Smart Security and ESET Endpoint Security products for Windows XP OS allow a low privileged user to execute code as SYSTEM by exploiting a vulnerability in the ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver also mentioned as Personal Firewall module: Build 1183 (20140214) and prior. This is a "trusted value vulnerability" that can be triggered through a specific IOCTL with a specifically crafted buffer, to force the driver to validate an improper IOCTL.


A:Privilege Escalation In ESET Products For Windows

This was patched, wasn't it?
"27/06/2014 | Fix confirmed"

Read other 1 answers

Lutomirski had recently reported the CVE-2014-9090 which was caused due to improper handling of faults associated with the Stack Segment (SS) register on the x86 architecture. After notification of CVE-2014-9090, Borislav Petkov pointed out to Lutomirski some further flaws that existed even after vulnerability. After research Lutomirski discovered that there were two bugs in the improper handling of Stack Segment (SS) register. The new kernel vulnerability is now identified as CVE-2014-9322 and allows a potential hacker to gain privilege escalation on all X86_64 systems.
“Any kernel that is not patched against CVE-2014-9090 is vulnerable to privilege escalation due to incorrect handling of a #SS fault caused by an IRET instruction. In particular, if IRET executes on a writeable kernel stack (this was always the case before 3.16 and is sometimes the case on 3.16 and newer), the assembly function general_protection will execute with the user’s gsbase and the kernel’s gsbase swapped,” Lutomirski explained in an advisory.
He added that, “This is likely to be easy to exploit for privilege escalation, except on systems with SMAP or UDEREF. On those systems, assuming that the mitigation works correctly, the impact of this bug may be limited to massive memory corruption and an eventual crash or reboot.”
Privilege Escalation Vulnerability in Linux #CVE-2014-9322

Read other answers

hi guys

There is a way to deny interactive logon to a workstation but permit the privilege escalation (run as)?
I tried with this local GPO

Use Computer Configuration / Windows Settings / Security Settings / Local Policy User Rights Assignment
to set Deny logon locally for this account.

but it does not work because deny also the privilege escalation or run as... not only the interactive logon. We would need for some Laptop in workgroup

thanks a lot!

Read other answers

The Linux kernel 2.6.0 through, and 2.4.4 through, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-2692

What this amounts to is that someone with physical access to an affected computer could gain root and wreak havoc. Debian and Ubuntu have already released patches and users are urged to update immediately through their distro's update utility. Proof of concept code for an exploit is already available.

Read other answers

Have a few computers missing this (MS15-058) Microsoft SQL Server Privilege Escalation (3065718) patch.

Get access denied just by trying to run the patch: SQLServer2008-KB3045305-x64.exe even though I'm logged in with my domain admin account.

I do a run as administrator with my domain admin account and GUI will start but will still fail with Setup account privileges failed.

Local admin account has same problem.
Screen shots attached.

Has anyone come across a problem like this??

A:(MS15-058) Microsoft SQL Server Privilege Escalation (3065718)

at what Service Pack level is your SQL Server install?
I am NOT any kind of expert in domain permissions! - have you checked the two links in the error message?

It's always possible that there is registry corruption present which is preventing access to certain keys - that's also worth checking.

Read other 1 answers

A vulnerability in the Panda 2016 products that allows the execution of code with elevated permissions has been detected in Small Business Protection and Panda 2016 products. The PSEvents.exe process is periodically run with elevated permissions and has dependencies of libraries located both in the default directory as well as in other system libraries. As the USERS group has Write permissions over the folder where the PSEvent.exe process is run and because the system first looks for libraries run by this process in the execution folder, it may be possible to create a malicious library in the execution folder that will replace one of the libraries installed in other folders. Therefore, a user could run malicious code with SYSTEM privileges.

Privilege escalation vulnerability in PSEvents.exe with Panda 2016 products - Technical Support - Panda Security

Read other answers

Security researchers have found out ways to hijack the Intel-compatible PCs running Linux by exploiting the physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips and gaining higher kernel privileges on the system.
The technique, dubbed "rowhammer", was outlined in a blog post published Monday by Google's Project Zero security initiative, a team of top security researchers that dedicatedly identifies severe zero-day vulnerabilities in different software.
Rowhammer is a problem with recent generation DRAM chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row which could allow anyone to change the value of contents stored in computer memory.
DDR memory is arranged in an array of rows and columns, which are assigned to various services, applications and OS resources in large blocks. In order to prevent each application from accessing the memory of other application, they are kept in a "sandbox" protection layer.
However, Sandbox protection can be bypassed using Bit flipping technique in which a malicious application needs to repeatedly access adjacent rows of memory in a tiny fraction of a second.
As a result, hammering two aggressor memory regions can disturb neighbouring locations, causing charge to leak into or out of neighbouring cells.

DRAM Rowhammer vulnerability Leads to Kernel Privilege Escalation

A:DRAM Rowhammer vulnerability Leads to Kernel Privilege Escalation

Program for testing for the DRAM "rowhammer" problem
The test should work on Linux or Mac OS X, on x86 only.

Read other 4 answers

We recently updated our ATA installation to version 1.6 and we're getting a lot of "Privilege escalation using forged authorization data" alerts in the console. We can see that the information is all for an application we use company wide called Projectwise and the software appears to be generating these even though everything is operating as expected. Is there any way we can mark a bunch of these as dismissed in bulk instead of having to go through each one? Or has anyone tried to dig into these sorts of alerts with a software vendor to try and find out why the traffic is coming up suspicious? We've got over 500 of them in 3 days, so it's getting a bit out of hand...

Read other answers

I'd like to include Dell's list of affected systems here: http://spywarehammer.com/current-news/intel-vulnerability/msg155913/#msg155913
My search at Dell produced no results. Does a list exist?

Read other answers

I own a Lenovo Ideapad Z510 laptop which has ADP warranty. Seems, my laptop has a history of issues with Wireless card and unfortunately I came across that once again (earliest it came up in August 2016).

Story in August'2016: Lenovo teams took over 2 months to fix the issue by replacing the Wireless card. I had a really really hard time in convincing the Lenovo support teams over phone that the issue is indeed a problem with WiFi card hardware (the traditional Lenovo diagnostic applications such as Lenovo solution center and were not able to even detect the problem). During the course of the issue, 4 times Lenovo team had shipped wrong replacement hardware and each such instance took almost 3 hours of troubleshooting which came as by-product while the replacement part was faulty or incompatible with my Laptop.

Story in April'2017: This time fortunately, Lenovo support agreed about the WiFi card replacement in the first attempt itself. They even send the replacement hardware in just 2 days (though it came out to be incompatible with my Laptop). Thereafter, it has been 3 weeks since then and there is no progress on this case. I have had called Lenovo helpline numerous times asking for status update and in response [email protected] support gave me commitments about case escalations and the resolution time of next 3 days. But every single time deadline which was committed to me did surpassed without any progress and still customer care keeps giving me same scripted answers.

Additionally...

Read other answers

I was hoping someone here might have a corporate number where I can contact a customer service manager or someone higher than that. I am currently getting the runaround on a replacement laptop and no one will return my calls or help me with my issue. The representatives I have talked to refuse to provide me with any type of contact information for anyone that can resolve the issue. Thanks! James

Read other answers

hello, yes. Same problem! My case manager M never replies to my emails or voicemails and had not been helpful at all through this process of a 'second depot repair'. Here's my information.

Service Request: 8007254140
Service Order: 7023592722
Serial Number: CB20604229
Part Number: 90204918
Part Description: PIWG1 MB LED Sponge
Estimated Availability Date: 7/29/2016

A confirmation email for delivery and status:

We received your G780 i7 3632QM 1TB/5400 8G W8MM machine at the Depot Facility on 6/30/16. We'd like to apologize that the repair is taking longer than usual due to parts availability. Nonetheless, below is the estimated date on when we will receive the part. As soon as we receive it, it will take additional 7 Business Days for us to ship back your machine.

I received just 1 email stating this:

Your Lenovo escalation (case number 02418803) has been assigned to your Customer Care Case Manager. They will be reaching out to you within the next business day.

And then this 1 email from the case manager, and no other emails/contacts since from him:

Hello Robert,
I do want to apologize for the late reply. I have sent internal note to check on status of your repair? I do want to ask if you paid for the repair? As we are showing that your machine went out of warranty on 6/22/2014. Please reply back with any information directly to this email. Thank You...
Ha
Case Manager,
Lenovo Customer Care
North America

I r...

Read other answers

Hello, In our organization we have a VPN client that is sensitive to driver versions. We have noticed Lenovo System Update is only updating the Lenovo T470 Wireless-AC 8265 drivers to a certain point and has stopped. That we could tell there did seem to be a problem as previously there was a rapid succession of updates for our T470's and the wireless NICs to a certain point.
T470 - 20HES09L00
Would it be possible to have this driver updated?
2018/09/03 - v20.70.3.3 - Lenovo
2019/03/06 - v20.120.1.1 - Intel
Thank you, Tony H.

A:Lenovo T470 - Intel Dual Band Wireless-AC 8265 - Lenovo System Update - Wireless AC Driver Update

I noticed this apparent divergence on my T480, so I manually installed the v20.120.1.1 driver direct from the Intel site. When it got done installing, Device manager (Windows 10 Pro 64-bit) reported that I STILL was using the same version as offered by Lenovo: v20.70.3.3 - Lenovo


Read other 1 answers

Hi, I have recently acquired Lenovo Thinkpad T500 and I am coming across several issues. Having resolved few, here is the one I cannot find help anywhere. Trying to use Lenovo System Update I get the message "The System Update Server is invalid. Please contact Support Center"... which I would do (contact support) if only T500 was listed as one of your products, while it is not - why is it? The version of the System Update is 5.07.0061. I will be really grateful for any help, because google-resolving these issues took me 2 days already. Thank you.

Read other answers

I hope this is the correct place to post - did not see a E series in the ThinkPad Board... I am getting an error when trying to update to Lenovo System Update version 5.07.0065. I recently upgraded the computer from Windows 7 to Windows 10. Trying to make sure my drivers were up-to-date I ran across the newer version of the System Update app. When I tried to install, it gave me this error: The old version is now nonexistent in Programs and Features. Any ideas? All are appreciated! Thanks.

Read other answers

When I bought my Lenovo V330-15IKB laptop slightly less than a year ago, I used the System Update in Lenovo Vantage, and it showed the update history, including BIOS updates. For some reason, now when I check 'My device status', in the System Update section, there is a red cross instead of green check like the other lines, and the message 'System Update not found'. What is causing this, and how can it be fixed?

Read other answers

T460p here. After I updated my Windows 10 to Fall Creator Update - Lenovo System Update Shows 11 Updates that are already installed - so it wants to install the same drivers over and over again. Probably a bug. Anyone with the same experience?

Read other answers

Does the "System Update" in "Lenovo Advantage" includes BIOS update?
Yoga C940-14IIL Laptop (ideapad) - Type 81Q9 / 4k 1T 16G
Machine Type Model: 81Q9005FPG / Part Number 5R30X25047
Windows 10 Home 64 (PO: Portuguese, EN: English)
BIOS: AUCN45WW

A:Does the "System Update" in "Lenovo Advantage" includes BIOS update?

Hi @jsim,
Lenovo Vantage will check for updates including the BIOS update. In some cases that the BIOS is not updated and the Lenovo Vantage did not capture the update, then you may download the BIOS from our Lenovo Support Website. 
Upon checking, the updated BIOS version is AUCN54WW.
Let us know if you need additional information.

Read other 1 answers

Hello, I have a Lenovo Thinkpad W540 which is out of warranty. While using the Lenovo System Update utility to update the BIOS, the BIOS update failed, and now my W540 will no longer boot. Is there a way to restore the BIOS without replacing the system board? Is there a place where can I download the BIOS file (not only the upgrade utility)? Thank you!

Read other answers

I've been getting the "Thread Stuck in Driver" BSOD when playing games for several months now and have just been trying to ignore it. However, it's gotten too bad to be ignored any longer. I've been trying to download a BIOS update (as another thread on this topic suggested) but the System Update program refuses to download the BIOS update it says I need every single time. I can provide more info on my system if necessary.  Thanks for the help.

Read other answers

I am unable to update any X2xx laptops due to the package catalog being updated for the last 2 days. Please fix as this is impacting our laptop builds for new users.

Read other answers

This used to work fine but now it doesn't. I am running a THINKPAD-X1-CARBON-6TH-GEN-TYPE-20KH-20KG. The sticker says 20KH-002JUS.

A:X1 Gen 6 lenovo update The package catalog for your system is currently being updated on the System

Oh I tried to reinstall the utility and same thing. 

Read other 1 answers

I have Win7 x64 and I'm the only one using this computer! My user account has admin privileges, and I've never set up any other accounts!

I'm not sure what changed, I haven't made any major changes to my computer recently, but all of a sudden a month or two ago, I can no longer install many programs without admin privileges, AND now Firefox can't even update itself without admin privileges - all the updates now fail!

Does anyone have a clue what might be going on?

Thanks all!

A:DL'ed programs (ie Firefox) won't install/update w/out admin privilege

Do you have UAC (User Account Control) disabled? If it's enabled it might give you grief installing programs, etc. Windows has it enabled by default. To disable go to Control Panel -> User Accounts then click on the Change User Account Control Settings hyperlink.

Read other 2 answers

Hey guys, I'm running Windows Vista Home Premium...
I am logged on as Administrator (ACTUAL!)
And I was installing a software when it stopped and said:

"Please make sure you have local system administrator privileges on this system"

Here's what it looked like..


Is there any solutions to fix this problem?

I have tried fiddling with the permissions in the Security tab for the software, still no work.

A:Local System Admin Privilege Needed

There are several ways, some temporary, some permanent. The quick way, which usually works, is to right click the install.exe file and select "run as Administrator"

Read other 3 answers

I want to update my bios but there is a little problem. As you know, for this update battery has to be fully charged and notebook plugged in. My battery still works but at least this program (lenovo system update as mentioned above) says i need fully charged battery but it is already charged (most of the time laptop is plugged in workstation). Anybody any ideas how to get it working?

Read other answers

What is happening with Lenovo System Update? We are getting an error that the package catalog is being updated? We have several models here and it's happening on all of them. I can't find anything relating to this update on any Lenovo site, and the response I got from calling support was "Sorry." They were also not able to tell me when they think this will be fixed. EDIT: Spelling.


Read other answers

1)I am the administrator, checking System confirms that.
2) There is only one account, mine.
The only conclusion I have is that there is a registry key that got changed at some time, somehow, that I need to change back. What is it, and what changes do I need to make?

Read other answers

Please help as I've been searching everywhere for the solution to this problem for the past 2 days (and nights-=)...

I have a:

Dell Dimension E521
AMD Athlon 64 X2 Dual
Core Processor 4000+
2.10Ghz, 3Gb Ram
Windows XP Home v2002 SP3.

I recently installed a new WD500gb hard drive to go along with the original WD250GB one.

I backed up some information to the new drive using NovaBackup (I originally tried to backup with Acronis but preferred the Novabackup interface and hence uninstalled Acronis). I also installed Comodo Firewall on that day.

Everything was fine. I wanted to keep the new drive unaccessible to other users on this computer so I installed Faronics DeepFreeze as well as a "disk lock" type of program whose name I do not remember right now. Again, I was not convinced by either of the two software titles being what I wanted, so I uninstalled them both. Everything seemed normal, though.

The other day I tried to check the calendar. When I double clicked it I got the "You do not have the proper privilege level to change the system time" error message.

As mentioned, I've tried every solution I found online, including running Reset.cmd off of subinacl.msi, clearing security events records, and installing/running gpedit but to no avail. gpedit didn't show the keys / values for Security Settings under Local Policies and I do not know how to create them - I found the gpedit instructions here which would have fixed the problem (sup... Read more

A:[SOLVED] Suddenly "You do not have the proper privilege level to change the system ti

click start, run.., then type secpol.msc

Click Local Policies, then User Rights Assignment.

Now in the right pane there will be an entry named Change system time.

Double-click on that and make sure your current user is listed. If not click add user or group, type in the name of your user and click ok. You should now be able to change the time.

Read other 6 answers

Hello everybody. I have V310 series notebook. Lenovo system update software gives the error during updating process. The error window appears about that "an error occured while downloading packages". What should I do? Thank you very much for your prompt helps.

Read other answers

Hello, I have installed Lenovo System update. Lenovo System update says to me, that I can install the following applications:
- Lenovo Solution Centre
- Lenovo Fan Speed control driver
- ThinkCentre Device experience
- Desktop power manager
So I do not know if I do need anything of this?
Question 1: When do I need ThinkCentre Device experience?
Question 2: When do I need Lenovo Fan Speed control driver?
Question 3: When do I need Desktop power manager?
Would appreciate your answers. Thank you.

Read other answers

I keep getting Lenovo System Update prompt lately and would like make sure that this is coming from Lenovo and legitimate. The Prompt says "You have critical updates available for your system. Lenovo recommends that you install them now to optimize your computer. One or more of the packages may restart your system so please save any pending work before proceeding." Please advise.

Read other answers

I upgraded to Windows 10 on my ThinkPad Twist. After that, I ran Lenovo's System Update and downloaded and installed all the recommended updates. Now when I reboot I get a message saying that C:\Program Files (X86)\Thinkpad\Utilities\PWMTR64V.dll is missing. Searching the Lenovo support site for this DLL file name shows that it is related to Windows 7 Power Management. However, one of the updates from Lenovo was Power Management for Windows 10. I am hesitant to install the Power Management update for Windows 7 (which I'm guessing will solve my missing DLL problem, but maybe not) after installing such an update specific to Windows 10. But I don't want to have to have that popup message about a missing DLL every time I boot. Anyone know how I can resolve this?

A:Missing DLL after Lenovo System Update

I have a T540p (x64) and am also getting the PWMTR64V.dll that started fairly recently. It's also been updated to Windows 10 (last year), and like you, given the fix apparently relates to a Windows 7 process, I'm reluctant to update/install it. I went to the pages suggested by the original solution, but both throw 404s. Not real sure where to go with this either, and on the assumption it's a bogus error for this OS/machine, I'd just as soon like to have it stop prompting if possible. elaine

-----EP PackCharlotte, NCThinkpad T540PWindows 10 ProfessionalVersion 10.0.14393 Build 14393

Read other 1 answers

In lenovo companion system update under the headline of installation history it shows me updates that i have already installed  and when i check for new updates it shows again the same updates. Anyone know how to fix this ?

Read other answers

Hello! I'm a bit new to GPOs and working on the server so please forgive misleading terms if I mention something that's not quite correct, but I'm trying to configure Lenovo System Update to run automatically in the background, with very little user input. We want the laptops to just grab updates directly from Lenovo so they get the latest and greatest. So when I move the ADM to the directory, this error pops up. I've been doing some research online before posting this query, but I haven't found anything that I understand that points me at a possible solution. If any of you out there in Lenovo Forum land know what I might do to fix this, I'd appreciate it! Thanks!

Read other answers