Hi,
I have tried to log a support case but the page is constantly reloading therefore I need to post here.
Our endpoint security product has detected the lmiinfo.sys as being an potentially unsafe application. Having looked into this, we can see a PoC to exploit this vulnerability for privilege escalation to SYSTEM permissions. https://github.com/alfarom256/LogMeInPoCHandleDup
We have checked and there's no update available for the LogMeIn clients.
Could you please confirm when this will be patched and whether there's any action required on our side?
Files:
C:/Program Files (x86)/LogMeIn/x64/lmiinfo.sys EAC1B9E1848DC455ED780292F20CD6A0C38A3406
C:/Windows/System32/drivers/LMIInfo.sys EAC1B9E1848DC455ED780292F20CD6A0C38A3406
C:/Windows/System32/drivers/LMIInfo.sys.000.bak EAC1B9E1848DC455ED780292F20CD6A0C38A3406
Thanks,
@HappyHippo Good to see you and thanks for calling this out.
Our team is currently looking into this, we will post an update when we hear more.
We having the same issue. Is there any update on this?
Hi @lmiuser12, @HappyHippo good to talk with you both.
It’s currently being worked on still and we will begin releasing updates as they become ready. We have to test and make sure each component we update doesn’t introduce any new issues.
I do understand this is of concern. I'll update as I learn further, please feel free to check in as well. Thanks!
Hi Kate,
It's been a few days since the question asked. Did the development team manage to make an update?
Thanks in advance!
@ESETtest01 An update has not been released yet, the team is continuing work on this as a high priority. My understanding is there is more than one component to update and we need to test and confirm that no new issues are introduced. We will post announce the update here in the community once it is ready to release.
Thanks for the update.
Folks,
FYI: A fix is on its way. It will be released on the 12th of March.