There are high-risk vulnerabilities in the software pre-installed on Lenovo laptops

Recently, Lenovo announced the high-risk vulnerabilities CVE-2021-3922 and CVE-2021-3969 in the Lenovo Vantage supporting software. The above-mentioned vulnerabilities allow local privilege escalation.

Both vulnerabilities are located in the IMController component. An attacker who already has local access to the machine can use them to elevate privileges and then carry out further, more damaging operations.


CVE-2021-3922: A race condition vulnerability has been reported in IMController, a software component of the Lenovo System Interface Foundation, which could allow a local attacker to connect and interact with the named pipe of the IMController child process.

CVE-2021-3969: A Time of Check Time of Use (TOCTOU) vulnerability has been reported in IMController, a software component of the Lenovo System Interface Foundation, which could allow a local attacker to elevate privileges.

These vulnerabilities may affect millions of Lenovo users, but Lenovo has already fixed the problem and is pushing the update automatically, so the impact on users should be limited.

The IMController component included in Lenovo's pre-installed software has received many negative reviews, mainly because it sometimes consumes a large amount of CPU and memory and causes the system to hang.

Users who do not need the software pre-installed by the manufacturer can also uninstall it directly. As long as the uninstallation is complete and the files are removed, the vulnerable component is no longer present on the system.

After this update, the IMController component in Lenovo's pre-installed software is at version 1.1.20.3. Users can check whether it has been updated as follows.

Open File Explorer, paste the address C:\Windows\Lenovo\ImController\PluginHost\ into the address bar and press Enter. Then right-click Lenovo.Modern.ImController.PluginHost.exe, select Properties and open the Details tab; the file version number is shown there.

If the file version number is version 1.1.20.3, it means it has been updated. If it is lower than this version, it means it has not been updated and is affected by the vulnerability, please try to upgrade to the latest version.
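The same check can be scripted, which is handy when verifying many machines. The following PowerShell snippet is an added example and is not from the article or from Lenovo; the file path and the fixed version 1.1.20.3 are taken from the text above, and the function name Test-ImControllerVersion is the author's own choice.

```powershell
# Added example: compare the installed IMController PluginHost file version
# against the fixed version 1.1.20.3 named in the article.
function Test-ImControllerVersion {
    param(
        # Path taken from the article; the fixed version is also from the article.
        [string]$PluginHostPath = 'C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe',
        [version]$FixedVersion = [version]'1.1.20.3'
    )

    if (-not (Test-Path -LiteralPath $PluginHostPath)) {
        # Nothing to check: the component is not installed or has already been removed.
        return [pscustomobject]@{
            Path      = $PluginHostPath
            Installed = $null
            Fixed     = $FixedVersion
            Status    = 'NotInstalled'
        }
    }

    # Build a [version] from the numeric parts so the comparison is numeric,
    # not a string comparison (where "1.1.9.0" would sort after "1.1.20.3").
    $info = (Get-Item -LiteralPath $PluginHostPath).VersionInfo
    $installed = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                                $info.FileBuildPart, $info.FilePrivatePart)

    $status = if ($installed -ge $FixedVersion) { 'Patched' } else { 'Vulnerable' }

    [pscustomobject]@{
        Path      = $PluginHostPath
        Installed = $installed
        Fixed     = $FixedVersion
        Status    = $status
    }
}

# Usage: run on the laptop being checked and read the Status column.
Test-ImControllerVersion | Format-Table -AutoSize
```

A Status of Vulnerable means the file is older than 1.1.20.3 and the update described in the article has not yet been applied; NotInstalled means the component is absent, for example after uninstalling the pre-installed software.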