Lenovo laptop vulnerability allows attackers to execute malicious code: How to fix it

Are you a Lenovo laptop owner or user? Update your system immediately.

SafeBreach security researchers found a vulnerability in the Lenovo System Interface Foundation, a service that comes pre-installed on Lenovo computers.

The Lenovo System Interface is an essential piece of code required to run Lenovo Settings for both Lenovo Vantage and Enterprise. The component is pre-installed on almost all modern Lenovo laptops and gives users the ability to update drivers, request support, or run diagnostics.

lenovo malware pic

Lenovo laptop vulnerability

Lenovo’s laptop vulnerability, identified as CVE-2019-6189, gives an attacker the ability to hijack a machine and install malicious code without detection.

It’s not clear yet the extent of the vulnerability’s targets. SafeBreach, however, estimates it could be a large number. According to the researchers:

“…this service was interesting because it is pre-installed on Windows-based Lenovo PCs. A vulnerability in such a service would have a big impact and would be interesting to many people.”

A preinstalled service comes with the laptop at purchase. It’s custom computer code designed to run specifically on the manufacturer’s devices.

How does the vulnerability work?

SafeBreach found the vulnerability, CVE-2019-6189, by loading an arbitrary DLL: a file that runs in the place of another. The file was loaded into a signed process that runs as NT AUTHORITY/SYSTEM, an admin account with high-level privileges.

The security researchers were able to load Wintrust.dll and run code within Lenovo.Modern.ImController.PluginHost.Device.

That sort of access gave them unparalleled ability to plant malicious payloads into the Lenovo System Interface Foundation service posing as legitimate admins. The harmful code could run every time, even when an infected system is rebooted.

According to Safebreach, the flaw is as a result of an untrusted DLL search order coupled with the lack of digital certification validation.

SafeBreach has found similar flaws in the recent past. Some of those affected include HP and Dell computers, BitDefender, Symantec, and McAfee antivirus software.

How to fix the Lenovo laptop flaw

Lenovo released a fix on Nov 19. The vulnerability was however discovered in August. According to the company, the vulnerability is of “Medium” severity.

An attacker would need admin access to your laptop to exploit the Lenovo laptop vulnerability. You’re protected as long as someone doesn’t physically access your computer.

To install the fix, head over to Lenovo’s downloads page and update Lenovo System Interface Foundations to version 1.1.18.3 (or higher). Once installed, the patch should protect your laptop from the vulnerability.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Exit Popup for Wordpress