Lenovo laptops (incl. Yoga, ThinkPad) vulnerable to bug allowing admin privileges

LASER_oneXM

Lenovo laptops, including ThinkPad and Yoga models, are vulnerable to a privilege elevation bug in the ImControllerService service allowing attackers to execute commands with admin privileges.

The flaws are tracked as CVE-2021-3922 and CVE-2021-3969 and affect the ImControllerService component of all Lenovo System Interface Foundation versions below 1.1.20.3. When viewing the Windows services screen, this service has a display name of "System Interface Foundation Service."

The particular service is a component of Lenovo System Interface Foundation, which helps Lenovo devices communicate with universal apps like Lenovo Companion, Lenovo Settings, and Lenovo ID. The service is preinstalled by default on numerous Lenovo Models, including Yoga and ThinkPad devices.

Updating is the only solution

All Windows users running the ImController version 1.1.20.2 or older are advised to upgrade to the latest available version (1.1.20.3).
To determine what version you're running, follow these steps:
  • Open File Explorer and navigate to C:\Windows\Lenovo\ImController\PluginHost\.
  • Right-click on Lenovo.Modern.ImController.PluginHost.exe and select Properties.
  • Click on the Details tab.
  • Read the File version.
Removing the ImController component, or the Lenovo System Interface Foundation, from your device is not officially recommended because it may affect some functions on your device, even if it's not considered essential.

Gandalf_The_Grey

Lenovo advisory:
Mitigation Strategy for Customers (what you should do to protect yourself):

Update the IMController component of Lenovo System Interface Foundation to version 1.1.20.3.

The Lenovo IMController software component is automatically updated by the Lenovo System Interface Foundation Service. To immediately start the update process, reboot the computer or restart the "System Interface Foundation Service" service.

To verify the Lenovo IMController version:
  1. Open File Explorer and navigate to C:\Windows\Lenovo\ImController\PluginHost\.
  2. Right click on Lenovo.Modern.ImController.PluginHost.exe and select Properties.
  3. Click on the Details tab.
  4. Read the File version.
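The version check described in both posts above, as an added PowerShell example that is not from the thread, the news article or Lenovo. It assumes only what the posts state: the PluginHost path, the "System Interface Foundation Service" display name and the fixed version 1.1.20.3. The comparison is done on [version] objects rather than on the File version string, since a string comparison would rank 1.1.20.10 below 1.1.20.3.

```powershell
# Added example (not from the thread or from Lenovo). Assumed values come
# from the posts above: the PluginHost path, the service display name and
# the fixed version 1.1.20.3 named in the advisory.
$FixedVersion       = [version]'1.1.20.3'
$PluginHost         = 'C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe'
$ServiceDisplayName = 'System Interface Foundation Service'
$TriggerUpdate      = $false   # set to $true (in an elevated shell) to restart the service

function Get-ImControllerVersion {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build a [version] from the numeric parts so that the comparison below is
    # numeric; comparing the FileVersion string would rank 1.1.20.10 below 1.1.20.3.
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

$installed = Get-ImControllerVersion -Path $PluginHost
if ($null -eq $installed) {
    Write-Output "PluginHost not found at $PluginHost; the ImController component is not installed."
    return
}

# The service that auto-updates the component; look it up by its display name.
$svc = Get-Service -DisplayName $ServiceDisplayName -ErrorAction SilentlyContinue
$svcState = if ($svc) { "$($svc.Name) ($($svc.Status))" } else { 'not found' }

$vulnerable = $installed -lt $FixedVersion
[pscustomobject]@{
    Installed  = $installed
    Fixed      = $FixedVersion
    Vulnerable = $vulnerable
    Service    = $svcState
}

# Per the advisory, restarting the service immediately starts the update
# process; this is opt-in and needs administrator rights.
if ($vulnerable -and $svc -and $TriggerUpdate) {
    Restart-Service -Name $svc.Name
    Write-Output "Restarted $($svc.Name); re-run this script after a few minutes to confirm the new version."
}
```

Run it again after the restart (or a reboot) to confirm that Installed reports 1.1.20.3 or later.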