fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Lenovo Laptops Vulnerable to Bug Allowing Admin Privileges

Lenovo Laptops Vulnerable to Bug Allowing Admin Privileges

Lenovo laptops, including ThinkPad and Yoga models, are vulnerable to a privilege elevation bug in the ImControllerService service allowing attackers to execute commands with admin privileges.

The flaws are tracked as CVE-2021-3922 and CVE-2021-3969 and affect the ImControllerService component of all Lenovo System Interface Foundation versions below 1.1.20.3. When viewing the Windows services screen, this service has a display name of “System Interface Foundation Service.”

The particular service is a component of Lenovo System Interface Foundation, which helps Lenovo devices communicate with universal apps like Lenovo Companion, Lenovo Settings, and Lenovo ID. The service is preinstalled by default on numerous Lenovo Models, including Yoga and ThinkPad devices.

Also Read: The Scope Of Singapore Privacy: How We Use It In A Right Way

Lenovo IMControllerService Windows service
Lenovo ImControllerService Windows service

“The Lenovo System Interface Foundation Service provides interfaces for key features such as: system power management, system optimization, driver and application updates, and system settings to Lenovo applications including Lenovo Companion, Lenovo Settings and Lenovo ID,” reads the description of the Windows service.

“If you disable this service, Lenovo applications will not work properly.”

The discovery of the vulnerabilities was the work of researchers at NCC Group, who reported their findings to Lenovo on October 29, 2021.

The computer maker released the security updates on November 17, 2021, while the relevant advisory was published on December 14, 2021.

Also Read: 10 Best, Secured And Trusted Disposal Contractor In Singapore

Vulnerable system component

Because ImController needs to fetch and install files from Lenovo servers, execute child processes, and perform system configuration and maintenance tasks, it runs with SYSTEM privileges.

SYSTEM privileges are the highest user rights available in Windows and allow someone to perform almost any command on the operating system. Essentially, if a user gains SYSTEM privileges in Windows, they gain complete control over the system to install malware, add users, or change almost any system setting.

This Windows service will spawn further child processes, which open named pipe servers that the ImController service used to communicate with the child process. When ImController needs one of these services to execute a command, it will connect to the named pipe and issue XML serialized commands that should be executed.

Unfortunately, the service doesn’t handle the communications between privileged child processes securely and fails to validate the source of XML serialized commands. This means that any other process, even malicious ones, can connect to the child process to issue their own commands.

As such, an attacker leveraging this security gap can send an instruction to load a ‘plugin’ from an arbitrary location on the filesystem.

“The first vulnerability is a race condition between an attacker and the parent process connecting to the child process’ named pipe,” explains NCC Group

“An attacker using high-performance filesystem synchronization routines can reliably win the race with the parent process to connect to the named pipe.”

The researchers underline that their proof of concept code never failed to connect to the named pipe before the parent service could do so, which means the exploit is very reliable.

Winning the race to load malicious code
Winning the race to load malicious code
Source: NCC Group

The second flaw is a time-of-check to time-of-use (TOCTOU) vulnerability which enables an attacker to stall the loading process of a validated ImControllerService plugin and replace it with a DLL of their choosing.

Once the lock is released and the loading procedure continues, the DLL is executed, leading to privilege escalation.

Loading a malicious plugin.
Loading a malicious plugin via ImController
Source: NCC Group

Updating is the only solution

All Windows users with Lenovo laptops or desktops running the ImController version 1.1.20.2 or older are advised to upgrade to the latest available version (1.1.20.3).

To determine what version you’re running, follow these steps:

  • Open File Explorer and navigate to C:\Windows\Lenovo\ImController\PluginHost\.
  • Right-click on Lenovo.Modern.ImController.PluginHost.exe and select Properties.
  • Click on the Details tab.
  • Read the File version.

Removing the ImController component, or the Lenovo System Interface Foundation, from your device is not officially recommended because it may affect some functions on your device, even if it’s not considered essential.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us