HappyHippo
2 years ago, Contributor
Security Vulnerability within LMInfo.sys
Hi,
I have tried to log a support case, but the page is constantly reloading, therefore I need to post here.
Our endpoint security product has detected the lmiinfo.sys as being a potentially unsafe application. Having looked into this, we can see a PoC to exploit this vulnerability for privilege escalation to SYSTEM permissions. https://github.com/alfarom256/LogMeInPoCHandleDup
We have checked and there's no update available for the LogMeIn clients.
Could you please confirm when this will be patched and whether there's any action required on our side?
Files:
C:/Program Files (x86)/LogMeIn/x64/lmiinfo.sys EAC1B9E1848DC455ED780292F20CD6A0C38A3406
C:/Windows/System32/drivers/LMIInfo.sys EAC1B9E1848DC455ED780292F20CD6A0C38A3406
C:/Windows/System32/drivers/LMIInfo.sys.000.bak EAC1B9E1848DC455ED780292F20CD6A0C38A3406
Thanks,
37 Replies
- SOSCOMP, 2 years ago, New Contributor
We manually updated one to the new LMI version as a test. Didn't help. Like I said, we don't have any issue on one that has a fresh LMI installation and has ESET. I sent a reply on this earlier too.
- GlennD, 2 years ago, GoTo Manager
SOSCOMP When we deploy new versions, only a small number of systems receive it in the beginning. Did you manually update all of your computers to the new Host software 4.1.0.15410? The computers that ESET is reporting an issue with may not have updated yet. Have you confirmed that they are all running v4.1.0.15410 of the Host software?
- SOSCOMP, 2 years ago, New Contributor
We took a Windows 10 PC with just ESET on it and installed LogMeIn (never on system before) and ESET did not detect anything - ran a custom scan on the LMI directory too. The LMIinfo.sys in this new install is 11.1.0.3236. When we check the properties for the systems with LMI already installed and updated, there is no version information listed. Odd. Could it be we have to uninstall and install LMI on the systems? Hard to do remotely I guess, unless we do an ad hoc session to the systems, then uninstall and reinstall LMI?
- SOSCOMP, 2 years ago, New Contributor
The LMI update did not fix the issue for us. We use ESET Endpoint Security. What antivirus are you using? Any resolution for you yet?
- SOSCOMP, 2 years ago, New Contributor
Hi - Windows 10 Pro and Windows 11 Pro
- 2ARM5, 2 years ago, Active Contributor
Interesting. Users have reported, and I myself experienced, an update prompt without manually checking for an update. I've now reviewed the installed version on all systems; about 12% are up to date. Guess we'll give it some time.
Thanks
- GlennD, 2 years ago, GoTo Manager
2ARM5 If the computers are left to self-update, it should happen in the background and your users will not be asked for admin credentials to complete it. If a user manually checks for an upgrade, the admin credentials are required as a security feature.
- GlennD, 2 years ago, GoTo Manager
SOSCOMP What version of Windows is being used? We tested all supported Windows versions and only identified an issue with Windows 7 x64 and Server 2008 R2 x64, as they have issues validating the signature of the updated driver. According to Microsoft, this Windows update should help with that: https://catalog.update.microsoft.com/search.aspx?q=kb4474419
- 2ARM5, 2 years ago, Active Contributor
Hi Glenn,
I've only installed the update on one system so far, due to the issue I raised in my last post, but that system did pass an AV scan w/o a detection.
Best,
- GlennD, 2 years ago, GoTo Manager
Hi, I am checking with the team on what the next course of action is. The update itself was quite minor and should have just resulted in the previous LMInfo.sys warning going away.
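Added example, not part of the thread and not GoTo or ESET tooling: a PowerShell check of the three file locations and the SHA-1 listed in the original post. It also reports the file version, which one reply found missing on already-installed systems, and the Authenticode signature status, which the Windows 7 x64 / Server 2008 R2 x64 reply says those systems have trouble validating. The function name `Get-LmiDriverStatus` is hypothetical.

```powershell
# Added example: inventory the LMIInfo.sys copies named in the original post.
# The SHA-1 and the paths are copied from that post; nothing else is assumed.
$FlaggedSha1 = 'EAC1B9E1848DC455ED780292F20CD6A0C38A3406'
$DriverPaths = @(
    'C:/Program Files (x86)/LogMeIn/x64/lmiinfo.sys',
    'C:/Windows/System32/drivers/LMIInfo.sys',
    'C:/Windows/System32/drivers/LMIInfo.sys.000.bak'
)

function Get-LmiDriverStatus {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string]$FlaggedHash
    )
    foreach ($p in $Path) {
        # Report absent files explicitly so a missing copy is not read as "clean".
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{
                Path = $p; Present = $false; Sha1 = $null
                MatchesFlagged = $false; FileVersion = $null; Signature = $null
            }
            continue
        }
        $sha1 = (Get-FileHash -LiteralPath $p -Algorithm SHA1).Hash
        $ver  = (Get-Item -LiteralPath $p).VersionInfo.FileVersion
        $sig  = (Get-AuthenticodeSignature -LiteralPath $p).Status
        [pscustomobject]@{
            Path           = $p
            Present        = $true
            Sha1           = $sha1
            MatchesFlagged = ($sha1 -eq $FlaggedHash)   # -eq ignores case for strings
            # An empty FileVersion matches what the thread saw on older installs.
            FileVersion    = if ($ver) { $ver } else { '(none)' }
            Signature      = "$sig"
        }
    }
}

# Run from an elevated prompt so the drivers directory is readable.
Get-LmiDriverStatus -Path $DriverPaths -FlaggedHash $FlaggedSha1 |
    Format-Table -AutoSize
```

A row with `MatchesFlagged` set to True means that copy is still the file from the original report, including any leftover `.bak` copy that an update did not replace.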