Security vulnerabilities found in support software from Lenovo, Toshiba, and Dell

By | PCWorld

The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.The most serious flaws appear to be in Lenovo Solution Center and could allow a malicious Web page to execute code on Lenovo Windows-based computers with system privileges.The flaws were discovered by a hacker who uses the online aliases slipstream and RoL and who released a proof-of-concept exploit for them last week. This prompted the CERT Coordination Center at Carnegie Mellon University to publish a security advisory.

One of the issues is caused by the LSCTaskService, which is created by the Lenovo Solution Center and runs with SYSTEM privileges. This service opens an HTTP daemon on port 55555 that can receive commands. One of those commands is called RunInstaller and executes files placed in the %APPDATA%\LSC\Local Store folder.

Any local user can write to this directory, regardless of their privilege, but the files are executed as the SYSTEM account. This means that a restricted user can exploit the logic flaw to gain full system access.

Furthermore, there is a directory traversal flaw that can be exploited to trick the Lenovo Solution Center to execute code from arbitrary locations, so an attacker doesn’t even need to place files in the aforementioned Local Store folder.

Finally, the LSCTaskService is vulnerable to cross-site request forgery (CSRF), an attack method through which a malicious website can relay rogue requests through the user’s browser. This means that, in order to exploit the previous two flaws, an attacker doesn’t even need to have local access to the system where the Lenovo Solution Center is installed and can simply trick the user to visit a specially crafted Web page.

In a security advisory on its website, Lenovo said that it is currently investigating the vulnerability report and will provide a fix as soon as possible. Until then, concerned users can uninstall the Lenovo Solution Center in order to mitigate the risk, the company said.

Slipstream also published proof-of-concept exploits for two other, lower-impact, vulnerabilities—one in the Toshiba Service Station and one in Dell System Detect (DSD), a tool that users are prompted to install when they click the “Detect Product” button on Dell’s support website.

The Toshiba Service Station application creates a service called TMachInfo that runs as SYSTEM and receives commands via UDP port 1233 on the local host. One of those commands is called Reg.Read and can be used to read most of the Windows registry with system privileges, according to the hacker.

“I have no idea what to do with it, but someone else might,” slipstream wrote in the exploit comments.

The flaw in DSD apparently stems from the way Dell attempted to fix a previous vulnerability. According to slipstream, the company implemented RSA-1024 signatures to authenticate commands, but put them in a place on its website where attackers can obtain them.

These can be used as a crude bypass method for Windows’ User Account Control (UAC). In this context, the bypass means that “if DSD isn’t elevated, we annoy the user with elevation requests until they click yes,” the hacker said.

This is not the first time when vulnerabilities have been found in support tools installed on Lenovo or Dell computers.

Toshiba and Dell did not immediately respond to a request for comment.

Dell begins shipping Windows 10 machines

With the official launch of Windows 10 just around the corner, excitement is at its peak among Insiders, fans and tech enthusiasts. After confirmation from Microsoft that customers will indeed be able to purchase PCs with the latest OS pre-installed on launch day, and promising that “over 2000 distinct Windows 10 devices” are already on the way, competition between companies selling the new hardware has increased tenfold. Dell has just announced that it will begin shipping its pre-ordered Windows 10 PCs on July 28, one day before the OS officially launches, stating that the devices will make their way to customers with free next-business-day delivery.

The company claims that there are nearly 70 configurations of laptops, 2-in-1s, all-in-ones, and PCs, available on Dell’s website. Along with this, there are also 51 Dell systems pre-installed with Windows 10, which will be available at leading retailers such as Best Buy, Microcenter and Staples in the U.S, starting tomorrow. Customers in Brazil and China will get their hands on Dell’s new devices in October while people in the UK will be able to do the same in October.

Dell claims that it started working on the key features of Windows 10 with Microsoft in 2013, in order to engineer some of the best PCs with the OS. PCs have been integrated with Intel RealSense 3D cameras to maximize the capabilities of Windows Hello, users will also be able to take advantage of their new digital assistant, Cortana, as well as enjoy the media-rich experience of Windows 10 with Dell’s Waves MaxxAudio technology. Dell’s PCs have also been optimized for one of Windows 10’s most-awaited features, Continuum.

Along with this, Dell is also endeavoring to provide some of the world’s most advanced security systems for commercial Windows 10 devices with the Dell Data Protection portfolio, with enhanced encryption, authentication and malware combatant techniques. The Dell Client Command Suite will also be available for these devices to reduce the time for deploying and monitoring system updates.

However, keeping in mind that the Windows 10 upgrade is free for eligible users and most consumersbe taking that path to Microsoft’s latest OS, Dell is also providing customers with online and phone support..

To celebrate the official launch of Windows 10, Dell and Microsoft are hosting an event, “#DellLounge Powered by Windows 10 “, which will run overlooking Grant Park, Chicago from August 30 to July 2. New features of Windows 10 will be highlighted along with entertainment from Morgan Page, A-Trak, Residual Kid, Jack and Jack, Mahogany Lox and several others. There will also be programming demonstrations from organizations such as Goodwill Industries and the Girl Scouts.

via Dell begins shipping Windows 10 machines.

Dell UltraSharp 32 Ultra HD Monitor Review

Although still in its early days, consumer 4K UHD is here. While 720p and 1080p are destined to become anachronisms akin to 8-tracks and punch cards, our present day is the awkward transitional period between these old and newly evolving high definition standards.

No stranger to the business of high-end displays, long-time monitor manufacturer Dell has lunged into the UHD market with some solid offerings. The company has released two UltraSharp displays capable of ultra high-definition: a 24-inch at $1,299 and a 32-inch for $3,499. Dell has also been teasing us with a third 4K UHD-capable 28-inch model, but this in-betweener is worlds cheaper at $699. Too good to be true? Indeed. This aggressively priced display has the “same quality” panel as its more expensive cousins, but its refresh rate is limited to just 30Hz. Yuck.

For this review though, we’ll be taking a look at Dell’s monstrous 32-inch flagship, the UltraSharp UP3214Q.

Dell UltraSharp 32 UP3214Q – $3500

    • Viewable Size: 31.5″ diagonal (16:9)
    • Panel: IGZO LCD IPS, anti-glare with hard coat 3H, LED backlit
    • Optimal resolution: 3840 x 2160
    • Contrast Ratio: 1000: 1 (typical), 2 Million:1 (Max Dynamic)
    • Brightness: 350 cd/m2 (typical)
    • Response Time: 8 ms (gray to gray)
    • Viewing Angle: 176° vertical / 176° horizontal
    • Color Gamut: Adobe RGB 99%, sRGB 100%
    • Colors: 1.074 Billion colors (10 Bits)
    • Pixel Pitch/PPI: 0.182 mm / 140


    • 1x HDMI, 1x Mini DisplayPort, 1x DisplayPort (1.2a), 4x USB 3.0 ports downstream, 1x USB 3.0 upstream, 1x media card reader

Physical Specifications:

  • Dimensions (with stand):
    19.0-22.5″ x 29.5″ x 8.4″
  • Dimensions (display only):
    17.5″ x 29.5″ x 2.0″
  • Weight (with stand/without): 25.3/20.3 lbs
  • Height-adjustable stand, tilt, swivel and built in cable-management, VESA mount capable

Knowing the reputation (and price) the UltraSharp moniker commands, there would normally be little more to say than “immense IPS display”, “great image” but “prosumer price tag”. However, the UP3214Q’s defining feature isn’t its enormity, IPS panel, nor certainly the $3,500 sticker price. Rather, its most distinct feature is a glorious spread of 3840 x 2160 pixels which is, ironically, also the source of its biggest issues. More on that shortly.

Consider this hands-on to be as much a review of early-gen UHD monitors as the UP3214Q itself. Hopefully, the experiences outlined here will answer questions you may have regarding the value, compatibility, performance and practicality of this display and displays like it.

Unboxing and Accessories

Even for such a large monitor, the box was quite hefty at just past 35 pounds. Like many of its monitors, Dell shipped the UP3214Q in packaging made entirely from corrugated cardboard — no foam here. Avoiding the use of foam (extruded or otherwise) is part of Dell’s eco-friendly strategy.

Inside the box lives a sturdy, rotating aluminum stand equipped with Dell’s prototypical screwless VESA mount design. Dell also included the following cables: DisplayPort (mini to standard), USB 3.0 (A to B) and a C13 power (standard PC desktop) cable. HDMI is notably missing. Additionally, owners will find a color calibration report. Like certain other UltraSharp offerings, each UP3214Q is factory-calibrated to reproduce colors as accurately as possible (Delta E < 2) out of the box. No complaints here.

First Impressions

I’ll cut to the chase: the UP3214Q is impressive to behold. The screen is expansive, the picture is bright, the color is rich and everything about it appears well-designed. The monitor itself (without the stand) weighs a hefty 20 pounds — that doesn’t include the aluminum stand which adds a good 5 pounds.

There’s little question this is a premium display. Considering its retail price ($3,500) though, I’m certain consumers won’t tolerate anything less than perfection.

Features, Adjustments and OSD

The aluminum stand offers some basic adjustments including height, tilt and horizontal swivel; however, the display cannot be vertically rotated (i.e. no portrait mode). The UP3214Q’s screen can be adjusted 1.75 to 5.25 inches high, tilted 20 degrees backward and rotated 45-degrees left and right. All adjustments feel solid and smooth; however, horizontal rotation is very stiff and the stand will move unless you hold it down.

There are few connectivity options (DisplayPort 1.2, mini-DP and HDMI 1.4), but the inclusion of 4 x USB 3.0 ports and a 9-in-1 media card reader are welcome accoutrements. Of the four USB ports, three are located at the bottom rear alongside HDMI and DP inputs. This area is difficult to access and isn’t practical for USB drives. The fourth USB port is located in plain sight on the rear of the display.

The OSD (on-screen display) “buttons” are located along the bottom right edge. Quotes are necessary here because the controls — except the power button — are actually touch-sensitive and not old school push buttons. The menus and controls are intuitive and simple to navigate. Most people won’t spend much time here, which manufacturers know, so they often load primitive-looking, painful-to-use OSDs — a common sighting amongst bargain monitors. The UP3214Q’s OSD though is pleasant and very similar to other UltraSharp displays.

Image Quality and Performance

As with most larger IPS monitors, the screen is matte with non-reflective coating. It’s thoroughly matte and not somewhere between, like satin or semi-gloss. This is particularly good for brightly lit office environments where evenly distributed fluorescent lighting is the norm.

Subjectively, the UP3214Q’s coating is unobtrusive. Very occasionally manufacturers apply matte finishes that are so aggressive though, they become distracting (e.g. Dell’s four-year old UltraSharp U2711). Anti-glare coatings are great for reducing reflections, but intense ones create a grainy effect — sometimes perceived as “shimmering” — which is particularly noticeable for bright images. The visibility of this shimmer can vary widely, but the UP3214Q seems very middle of the pack: not very noticeable but not quite invisible either. As a point of reference, it fares far better than the U2711 (prominent shimmer), but isn’t as transparent as Dell’s own U2713HM (hardly noticeable).

The UP3214Q’s image is bright, rich and uniform. Subjectively, it lives up to its impressive specs and it definitely compares well to Dell’s other high-end IPS offerings. Additionally, the 140 PPI density (~50-percent higher than many common displays) really lends itself to sharply rendered text and a smooth image overall.

One noticeable imperfection on our unit is a very slight yellow tinge around the edges of the panel. When I say slight, I do mean barely perceptible. I was unable to capture this with a camera and is only somewhat noticeable on a 100% white background.

“IPS glow” is present, but definitely with an acceptable range and certainly not unique to the UP3214Q. In fact, all large panels I’ve seen (including TN and PVA) exhibit a similar “glow”, so as commonly as this term gets thrown around, I consider it a misnomer. This glowing effect is most visible when a black image spans the screen, but the UP3214Q performs similarly to other high-end IPS panels.

The UP3214Q’s advertised 8ms (gray to gray) is fairly typical with larger IPS these days. Bigger G2G values tend to indicate more “ghosting”, an undesirable phenomenon where fast-moving elements leave ghostly remnants of past frames due to slow pixel refresh times. As with many IPS-based displays, a detectable amount of ghosting is present. Subjectively though, this was a non-issue during gaming sessions and only became obvious during synthetic tests. The UP3214Q provides a solid gaming experience in this regard.

Input lag is the delay between the output of your graphics card and the image which appears on your screen. I attempted to objectively capture input lag by cloning a digital timer across two displays: the Dell UP3214Q and a TN-based LG Flatron E2771. I enabled “Thru-mode” (a.k.a. game mode) on the E2771 which effectively eliminates input lag. The result? The Dell showed about 20ms of input lag. Okay — that’s not phenomenal. However, enabling “Gaming Mode” completely eliminated input lag. Visually speaking, the trade-off for gaming mode was a slight change in color reproduction. Gaming mode did not affect ghosting.

Oh, and backlight bleeding? Not an issue here.

Read more

PC sales continue to plunge, but the drop is less steep

The PC market moved into its sixth straight quarter of declining sales, analysts reported on Wednesday, although the dip was less pronounced than one firm expected.Market research firm Gartner reported that third-quarter PC sales dipped by 8.6 percent to 80.3 million units for the July-to-September quarter. IDC, with its own report, said the drop was 7.6 percent to 81.6 million units; the firm had previously projected a worldwide decline of 9.5 percent.
Normally, the third quarter marks the beginning of the upswing for the PC market, as students and educators invest in new hardware during the so-called back-to-school buying season. But sales apparently failed to materialize, either an indication that students are turning more to tablets or simply were using notebooks that they had bought previously. On the other hand, emerging product categories and a greater assortment of Windows 8-based models pushed sales volumes slightly higher, IDC reported, as did the migration from Windows XP to Windows 7.
“Consumers’ shift from PCs to tablets for daily content consumption continued to decrease the installed base of PCs both in mature as well as in emerging markets,” Mikako Kitagawa, principal analyst at Gartner, said in a statement. “A greater availability of inexpensive Android tablets attracted first-time consumers in emerging markets and as supplementary devices in mature markets.”
Rajani Singh, an analyst with IDC, noted that the U.S. market was essentially flat at 0 percent growth, helped by Chromebooks and what the company called “ultraslim” devices.
“Whether constrained by a weak economy or being selective in their tech investments, buyers continue to evaluate options and delay PC replacements,” Loren Loverde, an analyst with IDC added. “Despite being a little ahead of forecast, and the work that’s being done on new designs and integration of features like touch, the third quarter results suggest that there’s still a high probability that we will see another decline in worldwide shipments in 2014.”

IDC PC Sales Q3 2013
According to IDC, Lenovo led the pack of PC vendors for global sales during the third quarter.

Both Gartner and IDC said that Lenovo had again edged out rival Hewlett-Packard for a second straight quarter, with Lenovo showing a 2.8 percent increase in unit sales to 14.1 million units. HP and Dell also demonstrated 1.5 percent and 1.0 growth, respectively. But Acer’s sales plunged 22.6 percent, followed closely by Asus, with a  22.5 percent decline in shipments. However, both Acer and Asus have shifted their focus towards the tablet market, Gartner said.
Lenovo’s market share is 17.6 percent, followed closely by HP, at 17.1 percent, Gartner found. Dell, Acer, and Asus make up 11.6 percent, 8.3 percent, and 6.1 percent, respectively.

IDC PC Sales Q3 2013
HP was the top PC vendor in the U.S. during the third quarter.

According to Gartner, HP was the top U.S. PC vendor, with a 26.9 percent market share. Dell (21.0 percent) and Apple (13.4 percent) followed, then Lenovo (10.5 percent) and Toshiba (7.0 percent). Apple was the only vendor among the top five to record a drop in shipments, down 2.3 percent.
IDC largely agreed with Gartner’s numbers (as shown in the above chart), although the firm said that Acer and Asus recorded a steeper drop in shipments.
Both IDC and Gartner typically release tablet sales as part of a separate report, which will provide more insight into how the overall market will fare.
So far, the promise of Windows 8.1 has failed to ignite the PC market, as has the new “Haswell”-based notebooks from Intel’s PC partners. Will the fourth quarter show some signs of life, as Microsoft has predicted? So far, the best news is that it looks less gloomy than predicted. And that isn’t saying much.
via PCWorld

With new Venue tablets, Dell signals its PC division is alive and kicking

Dell sent a message that it intends to keep its PC division alive with the launch of new Venue tablets on Wednesday.
The company launched two Venue tablets with Android, and two with Microsoft’s latest Windows 8.1 OS. The tablets will come with screen sizes ranging from 7 inches to 11 inches.
All the tablets will be available in November.
The Android tablets from Dell include the Dell Venue 7, which will have a 7-inch screen, and the Venue 8, which will have an 8-inch screen. The Venue 7 will be priced at $149, and the Venue 8 will be priced at $179.
The Venue 7 and 8 run on older Intel Atom processors that were announced last year, and not the latest Atom processors code-named Bay Trail. Both tablets have screen resolutions of 1280 x 800 pixels, Micro-SD slots and Wi-Fi.

The new Windows 8.1 tablets include the Venue 8 Pro, which will have an 8-inch screen, and the Venue 11 Pro, which has a 10.8 inch screen. The latter can be a tablet, or laptop with attachable keyboard or docking station. The tablets will run on Intel’s latest processors. The Venue 8 Pro starts at $299, and the Venue 11 Pro starts at $499.
The Venue 8 Pro has a Bay Trail processor and up to 64GB of storage. It has a 1.2-megapixel front camera and a 5-megapixel back camera. It weighs 388 grams.
The Venue 10 Pro has a range of processor options ranging from Bay Trail to the latest Haswell processors. The device weighs 726 grams. It has up to 256GB of storage, NFC capabilities and a 2-megapixel front camera and an 8-megapixel back camera.
Other features on Dell’s new Venue Pro tablets with Windows 8.1 include Micro-SD card readers and LTE mobile broadband connectivity.
Dell’s new tablet lineup did not include a device with Microsoft’s Windows RT OS. Dell’s last XPS 10 tablet with Windows RT was discontinued last week.
The company does not plan to refresh its line of Windows RT tablets, said Neil Hand, vice president at Dell, during a launch event in New York.
Dell’s new tablets also revive the Venue brand name, which the PC maker abandoned when it discontinued its shipment of smartphones early last year. Dell earlier launched Venue smartphones running Windows Phone and Android in 2011.
The new tablets also indicate that Dell is retaining its PC division. Michael Dell reassured customers that the company would retain its PC division after shareholders last month approved a deal in which the CEO and associate Silver Lake Partners would take the company private for $24.9 billion. It had been speculated that the poorly performing division might be axed after the company goes private.
A billion people will be using a tablet by 2017 and it remains an important category for Dell, Hand said.
“We are dedicated to growing a tablet business in the company,” Hand said.
During a video to start the presentation, the company invoked its reputation as a PC innovator.
“It’s a very exciting time for us at Dell,” said Sam Burd, vice president of personal computer group, during the event.
The company also launched three XPS laptops with Intel’s latest fourth-generation Core processors code-named Haswell. The XPS 11 is a Windows 8 laptop that converts into a tablet. It has a 2560×1440 resolution screen.
The other XPS laptops include the XPS 13, which has a 13-inch screen, and the XPS 15, which has a 3200×1800 display.
via With new Venue tablets, Dell signals its PC division is alive and kicking | PCWorld.

Alienware refreshes gaming laptops with Haswell chip, new look

Alienware has delivered a redesigned range of gaming laptops at E3, complete with a new magnesium alloy and aluminum casing instead of the old plastic one, as well as Intel’s next-generation “Haswell” processors. The company also simplified the naming scheme for its laptop lineup by dropping the extra ‘M’s and ‘x’s and instead dubbing the new models Alienware 14, 17, or 18 depending on screen size.
All three are available in a base configuration with different upgrade options and share similar design traits. Among them are angled and rounded edges, color-customizable LED light pipes around the edges and lid, and an illuminated trackpad. Alienware also moved vents all the way to the back so they are as far as possible from gamers’ hands and added color zones to the keyboard — ten on the larger models and five on the 14-inched.

One area that didn’t see much improvement was overall thickness. The new Alienware machines are as thick and heavy as ever, but that’s only because they don’t compromise performance and run every component at its full TDP rather than throttling things down, according to Alienware General Manager Frank Azor.
In terms of hardware specs, Alienware 14 comes equipped with an Intel Core i7-4700MQ processor, Nvidia GeForce GT 750M GPU, 8GB of RAM, 750GB of HDD storage, a slot-loading DVD drive, and WLED HD 1366×768 display. That’s the standard $1,199 model but you can fit the machine with up to four drives (HDD or SSD), upgrade to a 1080p screen, double the RAM, and upgrade both graphics and processor.

Bumping up to the 17-inch model gives you the same processor, memory and storage, but a higher-performance 2GB GTX 765M GPU as well as a 1600×900 display for $1,499. Meanwhile, the base 18-inch model is mostly the same save for dual GTX 765M GPUs and a full 1080p PLS display as standard for $2,099.
All of them support 802.11ac wireless, miniDisplay and have HDMI outputs, but the 17- and 18-inch notebooks also have an HDMI input. There’s also three or four USB 3.0 ports, multi-format memory card reader, a 2-megapixel webcam, Bluetooth 4.0, 2.1-channel Klipsch speakers, and audio in/out ports.
via Alienware refreshes gaming laptops with Haswell chip, new look – TechSpot.

Dell: Our corporate customers are still upgrading to Windows 7

Dell: Our corporate customers are still upgrading to Windows 7 - Neowin

In less than a year, Microsoft will cut off official support for Windows XP and has been urging its users, particularly large businesses, to transition to Windows 7 or 8 as soon as possible. This week, Dell stated that its own corporate customers are still trying to upgrade to Windows 7.
CNET reports that Dell’s chief financial officer Brian T. Gladden stated this week during the company’s quarterly conference call with analysts, “I think you continue to see Win 7 on the commercial side of the business. It’s driving a refresh cycle.”
And what about Windows 8? Gladden hinted strongly that most of Dell’s business clients were not making the move to switch to Microsoft’s latest OS, stating, “Windows 8 has been from our standpoint, not necessarily the catalyst to drive accelerated growth that we had hoped it would be.”
It’s too early to speculate if this is bad news for Microsoft. Windows 7, which launched over three years ago, is now the dominate version of Windows around the world, but the overall adoption of Windows 8 has been slower than Windows 7. Only time will tell if the large corporate customers that Dell serves will stick with Windows 7 for a while or if they will finally choose to install Windows 8 or Windows 8.1.
via Dell: Our corporate customers are still upgrading to Windows 7 – Neowin.