Forum Discussion

HappyHippo's avatar
HappyHippo
Contributor
12 months ago

Security Vulnerability within LMInfo.sys

Hi,

 

I have tried to log a support case but the page is constantly reloading therefore I need to post here.

 

Our endpoint security product has detected the lmiinfo.sys as being an potentially unsafe application. Having looked into this, we can see a PoC to exploit this vulnerability for privilege escalation to SYSTEM permissions. https://github.com/alfarom256/LogMeInPoCHandleDup 

 

We have checked and there's no update available for the LogMeIn clients. 

 

Could you please confirm when this will be patched and whether there's any action required on our side?

 

Files:

C:/Program Files (x86)/LogMeIn/x64/lmiinfo.sys  EAC1B9E1848DC455ED780292F20CD6A0C38A3406

C:/Windows/System32/drivers/LMIInfo.sys EAC1B9E1848DC455ED780292F20CD6A0C38A3406

C:/Windows/System32/drivers/LMIInfo.sys.000.bak EAC1B9E1848DC455ED780292F20CD6A0C38A3406

 

Thanks,

 

35 Replies

Sort By
Show More
  • KateG's avatar
    KateG
    GoTo Manager
    12 months ago

    Hi lmiuser12HappyHippo good to talk with you both. 

     

    It’s currently being worked on still and we will begin releasing updates as they become ready. We have to test and make sure each component we update doesn’t introduce any new issues. 

     

    I do understand this is of concern. I'll update as I learn further, please feel free to check in as well. Thanks! 

  • HappyHippo's avatar
    HappyHippo
    Contributor
    12 months ago
    Hi Kate,

    Do you have any update to share on this? We have also received the same for the rainfo.sys file from LogMeIn - I believe related to the same vulnerability.

    C:/Program Files (x86)/LogMeIn/x64/rainfo.sys
    D0415ADE5501A645D8A43A0A90AB32A312BD4605

    We kindly await for an update and hopefully a date for remediation.

    Thanks
  • lmiuser12's avatar
    lmiuser12
    New Contributor
    12 months ago

    We having the same issue.  Is there any update on this?

  • KateG's avatar
    KateG
    GoTo Manager
    12 months ago

    HappyHippo Good to see you and thanks for calling this out. 

     

    Our team  is currently looking into this, we will post an update when we hear more.