Hi, I have tried to log a support case but the page is constantly reloading therefore I need to post here. Our endpoint security product has detected the lmiinfo.sys as being an potentially unsafe application. Having looked into this, we can see a PoC to exploit this vulnerability for privilege escalation to SYSTEM permissions. https://github.com/alfarom256/LogMeInPoCHandleDup We have checked and there's no update available for the LogMeIn clients. Could you please confirm when this will be patched and whether there's any action required on our side? Files:C:/Program Files (x86)/LogMeIn/x64/lmiinfo.sys EAC1B9E1848DC455ED780292F20CD6A0C38A3406C:/Windows/System32/drivers/LMIInfo.sys EAC1B9E1848DC455ED780292F20CD6A0C38A3406C:/Windows/System32/drivers/LMIInfo.sys.000.bak EAC1B9E1848DC455ED780292F20CD6A0C38A3406 Thanks,

We having the same issue. Is there any update on this?

Hi Glen, I've only installed the update on one system so far, due to the issue I raised in my last post, but that system did pass an AV scan w/o a detection. Best,

HappyHippo Good to see you and thanks for calling this out. Our team is currently looking into this, we will post an update when we hear more.

Hi Kate,Do you have any update to share on this? We have also received the same for the rainfo.sys file from LogMeIn - I believe related to the same vulnerability.C:/Program Files (x86)/LogMeIn/x64/rainfo.sysD0415ADE5501A645D8A43A0A90AB32A312BD4605We kindly await for an update and hopefully a date for remediation.Thanks

Security Vulnerability within LMInfo.sys

37 Replies

SOSCOMP
New Contributor
2 years ago
We have same issue and mos recent update for LogMein did not fix it. We use ESET Endpoint and their support said it was LMI issue-thanks
SOSCOMP
New Contributor
2 years ago
Hi did your get a resolution to this? We have same issue -using ESET Endpoint
2ARM5
Active Contributor
2 years ago
Hi Glenn,

All of our systems are set to update automatically, but the update is prompting users for admin. credentials.

Our users don't have admin. rights. Is there a way to run this update programmatically?
SOSCOMP
New Contributor
2 years ago
Hi we are having same issue and with our endpoint security and LMI. We have ran the LMI update today (version.15410 installed) and rebooted. Our ENDpoint product is upto date as well.
"A potentially unsafe application (Win64/LogMeIn.A) found in a file (the filename is random)" tried to access."
Please help-pop-ups occurring often!
GlennD
GoTo Manager
2 years ago
Hi,

We have begun deploying the update to accounts and systems will begin auto updating over the coming days.
lmiuser12
New Contributor
2 years ago
thanks for the update
ProCentPM
GoTo Contributor
2 years ago
Folks,

FYI: A fix is on its way. It will be released on the 12th of March.
alfarom256
Visitor
2 years ago
Thanks for the update.
GlennD
GoTo Manager
2 years ago
ESETtest01 An update has not been released yet, the team is continuing work on this as a high priority. My understanding is there is more than one component to update and we need to test and confirm that no new issues are introduced. We will post announce the update here in the community once it is ready to release.
ESETtest01
Visitor
2 years ago
Hi Kate,
It's been a few days since the question asked. Did the development team manage to make an update?

Thanks in advance!

Forum Discussion

Security Vulnerability within LMInfo.sys

37 Replies

Recent Discussions

Deletion of my account

Clicking "redeem LastPass subscription" loops back to my Pro dashboard

Unable to Cancel Subscription

Getting black windows if they are hardware rendered

Mac OS client always freezes while logging in during Duo authentication step