Not all PC vulnerabilities are caused by Microsoft. Sometimes, applications pre-installed in the notebook can also cause serious problems. Recently, security researchers discovered vulnerabilities in the built-in management software of Lenovo Yoga and ThinkPad series notebooks, and there is a potential risk of being attacked and exploited by hackers. Security experts discovered two vulnerabilities in the ImControllerService service, which can be exploited to obtain permission escalation to control the system.
These Vulnerabilities Are:
- CVE-2021-3922: A race condition vulnerability was reported in IMController (a software component based on Lenovo’s system interface), which may allow a local attacker to connect and interact with the named pipe of the IMController child process.
- CVE-2021-3969: A TOCTOU vulnerability was reported in IMController, a software component of the Lenovo system interface, which may allow local attackers to elevate their privileges.
Although these vulnerabilities are local vulnerabilities, attackers often chain vulnerabilities and ultimately control your computer, which means that even local vulnerabilities need to be patched. Fortunately, Lenovo updated the IMController component to reach version 1.1.20.3 and fixed the problem.
The update will be pushed automatically, or you can manually trigger the update by restarting the computer or restarting the “System Interface Basic Services”. To check if you already have the latest version of Lenovo IMController.
- Open the file manager and enter C: ( Windows ) (Lenovo) (ImController) (PluginHost).
- Right-click Lenovo.Modern.ImController.PluginHost.exe and select Properties.
- Click the “Details” tab.
- Read the version of the file.
