Security researchers have discovered two vulnerabilities in programs that ship with Lenovo laptops. The vulnerabilities give attackers the opportunity to obtain admin rights. Updates are available for the affected devices.
The recently discovered vulnerabilities are registered as CVE-2021-3922 and CVE-2021-3969. Both vulnerabilities were found in the software component IMControllerService. The service is preinstalled on many Lenovo Yoga and ThinkPad devices and brings additional features such as the diagnostic and optimization tool Lenovo Vantage with it. So far, the gaps have not received an official classification.
However, a report published by the NCC Group shows that the vulnerabilities have a high threat potential. The loopholes give hackers the option to execute code with higher privileges. However, both vulnerabilities can only be exploited locally, so that an attacker must have already gained access to the PC. In practice, several exploits are often combined in order to access a computer and then start programs with admin rights.
Lenovo responded quickly to the problem and provided an update for the affected software. The update is version number 1.1.20.3 and should be downloaded automatically in most cases. To check the version number, go to the path “C: \ Windows \ Lenovo \ ImController \ PluginHost” and right-click to display the details of the “Lenovo.Modern.ImController.PluginHost.exe” file.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.