The three security flaws reside in:
?
Dell System Detect (DSD) versions 6.12.0.1 and earlier
?
Lenovos Solution Center versions 3.1.004 and earlier
?
However this exploit works only when the victim has Lenovo Solution Center is open in his PC/laptop.
This very same service was also where a redittor found the now infamouseDellRoot rogue CA.
This API can be abused to allow attackers to bypass the Windows User Account Control limitations.
As with the Lenovo issue, uninstalling the Toshiba Service Station removes any danger of exploitation.
source: www.techworm.net
