Thursday, April 24, 2025
HomeCVE/vulnerabilityLenovo Laptop Flaws Let Attackers Gain Admin Privileges

Lenovo Laptop Flaws Let Attackers Gain Admin Privileges

Published on

SIEM as a Service

Follow Us on Google News

Privilege elevation bugs have been detected recently by the security analysts at NCC Group in the ImControllerService service of Lenovo laptops including the top models like ThinkPad and Yoga. 

This privilege elevation flaws with admin privileges allow the threat actors to execute arbitrary commands. 

The ImControllerService component of all Lenovo System Interface Foundation versions below 1.1.20.3 are vulnerable to this privilege elevation flaw.

- Advertisement - Google News

Flaws Detected

The flaws that are affecting the Lenovo laptops are tracked as:-

  • CVE-2021-3922: A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, that could allow a local attacker to connect and interact with the IMController child process’ named pipe.
  • CVE-2021-3969: A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, that could allow a local attacker to elevate privileges.

On October 29, 2021, these findings were reported by NCC Group to Lenovo, in response, on November 17, 2021, Lenovo released the security updates, and on December 14, 2021, they published the pertinent advisory.

In Lenovo laptops to communicate with universal apps like Lenovo Companion, Lenovo Settings, and Lenovo ID the System Interface Foundation Service helps the laptops to do so.

This service is one of the essential services offered by Lenovo that comes preinstalled by default on all the Lenovo laptop models. So, if this service gets disabled then the default applications of Lenovo will not work adequately.

Vulnerable System Component

The ImController requires to convey all the files and to install them from the Lenovo servers, it also conducts the child processes, and completes system configuration and maintenance tasks as per the requirement.

The SYSTEM privileges are the rights that are mostly desired by the users. It is present in the windows, and it generally enables the users to carry out all types of commands on their systems.

Once the user gets full control over the SYSTEM privileges, they can completely control the system and that’s why they can also perform the commands that are present in the system device.

Mitigation

To mitigate this flaw the users must have to update their software to the latest version, those who have Lenovo laptops or desktops, and are having the ImController version 1.1.20.2 or older version.   

Here to do so you have to follow a few simple steps, that we have mentioned below, and by doing so will eventually help the users to identify that what version they are running on:-

  • At first, open the File Explorer and go to the C:\Windows\Lenovo\ImController\PluginHost\.
  • Noe right-clicks on Lenovo.Modern.ImController.PluginHost.exe and select Properties.
  • Next tap on the Details tab.
  • Now the users can read the File version.

Officially removing the “ImController component,” or the “Lenovo System Interface Foundation” is not recommended since removing these components will make your Lenovo laptop or system behave abnormal.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Verizon DBIR Report: Small Businesses Identified as Key Targets in Ransomware Attacks

Verizon Business's 2025 Data Breach Investigations Report (DBIR), released on April 24, 2025, paints...

Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities

A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group,...

ToyMaker Hackers Compromise Numerous Hosts via SSH and File Transfer Tools

In a alarming cybersecurity breach uncovered by Cisco Talos in 2023, a critical infrastructure...

Threat Actors Exploiting Unsecured Kubernetes Clusters for Crypto Mining

In a startling revelation from Microsoft Threat Intelligence, threat actors are increasingly targeting unsecured...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Verizon DBIR Report: Small Businesses Identified as Key Targets in Ransomware Attacks

Verizon Business's 2025 Data Breach Investigations Report (DBIR), released on April 24, 2025, paints...

Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities

A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group,...

ToyMaker Hackers Compromise Numerous Hosts via SSH and File Transfer Tools

In a alarming cybersecurity breach uncovered by Cisco Talos in 2023, a critical infrastructure...