Lenovo ImControllerService Windows service

"The Lenovo System Interface Foundation Service provides interfaces for key features such as: system power management, system optimization, driver and application updates, and system settings to Lenovo applications including Lenovo Companion, Lenovo Settings and Lenovo ID," reads the description of the Windows service. "If you disable this service, Lenovo applications will not work properly."

The discovery of the vulnerabilities was the work of researchers at NCC Group, who reported their findings to Lenovo on October 29, 2021. The computer maker released the security updates on November 17, 2021, while the relevant advisory was published on December 14, 2021.

Vulnerable system component

Because ImController needs to fetch and install files from Lenovo servers, execute child processes, and perform system configuration and maintenance tasks, it runs with SYSTEM privileges.

SYSTEM privileges are the highest user rights available in Windows and allow someone to perform almost any command on the operating system. Essentially, if a user gains SYSTEM privileges in Windows, they gain complete control over the system to install malware, add users, or change almost any system setting.

This Windows service will spawn further child processes, which open named pipe servers that the ImController service uses to communicate with the child process. When ImController needs one of these services to execute a command, it will connect to the named pipe and issue XML serialized commands that should be executed.

Unfortunately, the service doesn't handle the communications between privileged child processes securely and fails to validate the source of XML serialized commands. This means that any other process, even a malicious one, can connect to the child process to issue its own commands.

As such, an attacker leveraging this security gap can send an instruction to load a 'plugin' from an arbitrary location on the filesystem.

"The first vulnerability is a race condition between an attacker and the parent process connecting to the child process' named pipe," explains NCC Group.
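The two checks the article says were missing (who is on the other end of the pipe, and where the requested plugin lives), sketched as an added example that is not Lenovo's or NCC Group's code. The XML schema, the trusted directory and the function names are hypothetical, and the client PID is assumed to be supplied by the operating system (on Windows, GetNamedPipeClientProcessId) rather than read from the message.

```python
import ntpath  # Windows path rules, usable on any platform
import xml.etree.ElementTree as ET

# Assumed install directory for trusted plugins (hypothetical placeholder).
TRUSTED_PLUGIN_DIR = r"C:\Program Files\ExampleVendor\Plugins"


class RejectedCommand(Exception):
    """Raised when a pipe message fails a validation step."""


def is_trusted_plugin_path(path, trusted_dir=TRUSTED_PLUGIN_DIR):
    """True only for an absolute path that stays inside trusted_dir."""
    if not ntpath.isabs(path):
        return False  # relative and drive-relative paths are never trusted
    full = ntpath.normcase(ntpath.normpath(path))  # collapses ".." segments
    root = ntpath.normcase(ntpath.normpath(trusted_dir))
    try:
        # commonpath compares whole components, so "PluginsEvil" does not
        # pass as a child of "Plugins".
        return full != root and ntpath.commonpath([full, root]) == root
    except ValueError:  # other drive or UNC share
        return False


def validate_command(xml_bytes, client_pid, parent_pid):
    """Return the plugin path to load, or raise RejectedCommand."""
    # 1. Source check: only the process that spawned this child may issue
    #    commands, so a process that wins the connection race is refused.
    if client_pid != parent_pid:
        raise RejectedCommand("pipe client is not the parent process")
    # 2. Parse the command (hypothetical schema, not the real wire format).
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise RejectedCommand("malformed XML") from exc
    if root.tag != "Command" or root.get("type") != "LoadPlugin":
        raise RejectedCommand("unsupported command")
    path = (root.findtext("PluginPath") or "").strip()
    # 3. Location check: refuse plugins outside the trusted directory.
    if not is_trusted_plugin_path(path):
        raise RejectedCommand("plugin path outside trusted directory")
    return ntpath.normpath(path)
```

The path test is lexical only; it does not resolve junctions or symbolic links, and it assumes the trusted directory is writable only by administrators.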