Forum Discussion
HappyHippo
2 years ago, Contributor
Security Vulnerability within LMInfo.sys
Hi,
I have tried to log a support case but the page is constantly reloading, therefore I need to post here.
Our endpoint security product has detected the lmiinfo.sys as being a potentially unsafe application. Having looked into this, we can see a PoC to exploit this vulnerability for privilege escalation to SYSTEM permissions. https://github.com/alfarom256/LogMeInPoCHandleDup
We have checked and there's no update available for the LogMeIn clients.
Could you please confirm when this will be patched and whether there's any action required on our side?
Files:
C:/Program Files (x86)/LogMeIn/x64/lmiinfo.sys EAC1B9E1848DC455ED780292F20CD6A0C38A3406
C:/Windows/System32/drivers/LMIInfo.sys EAC1B9E1848DC455ED780292F20CD6A0C38A3406
C:/Windows/System32/drivers/LMIInfo.sys.000.bak EAC1B9E1848DC455ED780292F20CD6A0C38A3406
Thanks,
37 Replies
- GlennD, 7 months ago, GoTo Manager
Hi kehem78011, I'm having trouble locating your account in our system, which of our services are you using?
- kehem78011, 8 months ago, Visitor
Hello KateG,
CrowdStrike EDR has recently detected the driver RAInfo.sys as vulnerable. Do you have any updates regarding this issue? Is there any update to the software to address this vulnerable driver? This issue is considered critical to us and we may remove the software if there is no update to the
Looking forward to hearing from you.
- SOSCOMP, 2 years ago, New Contributor
Ok thanks for the help and suggestion! It appears it is fixing some but not others at this point.
- GlennD, 2 years ago, GoTo Manager
SOSCOMP I've looked through the last 2 weeks of support tickets for any other customers reporting the same ESET issue and the couple that I have found all reported the issue was resolved after installing the update. At this stage I think the best thing is for you to call support from one of your computers and go through the update process with a representative so they can observe, capture what happens and any other relevant details.
- SOSCOMP, 2 years ago, New Contributor
Did you find a resolution to this issue?
- SOSCOMP, 2 years ago, New Contributor
We updated LMI manually and rebooted. Problem still exists. It can be triggered by looking at properties>details of the lmiinfo.sys file (which are blank) or by opening LMI Control Panel and going to About>Check for updates, among other triggers. But that is the easiest way to see if the update worked. When LMI is uninstalled and reinstalled, the properties>Details of the lmiinfo.sys file are not blank - shows version info etc. and cannot trigger ESET.
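The per-host check discussed in this thread (the three file paths and SHA-1 from the original post, plus the blank Details tab reported in the comment above) can be scripted for a fleet. This is an added example, not part of any post and not GoTo's own tooling; the function name `Get-LmiInfoDriverStatus` and its output fields are hypothetical.

```powershell
# Added example. Paths and SHA-1 are the ones quoted in the original post.
# Run in 64-bit PowerShell: a 32-bit host redirects System32 to SysWOW64.
$FlaggedSha1 = 'EAC1B9E1848DC455ED780292F20CD6A0C38A3406'
$DriverPaths = @(
    'C:\Program Files (x86)\LogMeIn\x64\lmiinfo.sys',
    'C:\Windows\System32\drivers\LMIInfo.sys',
    'C:\Windows\System32\drivers\LMIInfo.sys.000.bak'
)

function Get-LmiInfoDriverStatus {   # hypothetical helper name
    param(
        [string[]]$Path = $DriverPaths,
        [string]$Sha1   = $FlaggedSha1
    )
    foreach ($p in $Path) {
        $row = [ordered]@{
            Computer = $env:COMPUTERNAME; Path = $p; Present = $false
            Sha1 = $null; FileVersion = $null
            MatchesFlaggedHash = $false; VersionInfoBlank = $null
        }
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $row.Present = $true
            try {
                $row.Sha1 = (Get-FileHash -LiteralPath $p -Algorithm SHA1 -ErrorAction Stop).Hash
                $row.MatchesFlaggedHash = ($row.Sha1 -eq $Sha1)
            } catch {
                $row.Sha1 = "unreadable: $($_.Exception.Message)"
            }
            # Blank version info is the symptom described in the comment above.
            $row.FileVersion = (Get-Item -LiteralPath $p).VersionInfo.FileVersion
            $row.VersionInfoBlank = [string]::IsNullOrWhiteSpace($row.FileVersion)
        }
        [pscustomobject]$row
    }
}

$files = @(Get-LmiInfoDriverStatus)
$files | Format-Table Path, Present, MatchesFlaggedHash, VersionInfoBlank, FileVersion -AutoSize

# A loaded driver is not fully replaced until reboot, so report its state too.
Get-CimInstance Win32_SystemDriver -Filter "PathName LIKE '%lmiinfo.sys'" |
    Select-Object Name, State, PathName

if ($files | Where-Object { $_.MatchesFlaggedHash -or $_.VersionInfoBlank }) {
    Write-Warning 'At least one LMIInfo.sys copy still matches the flagged hash or has blank version info.'
}
```

Running it before and after the update and reboot shows which of the three copies actually changed on each machine.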
- GlennD, 2 years ago, GoTo Manager
SOSCOMP After updating the computers did you reboot them? Can you update one and then reboot it and see if ESET still reports an issue? If the driver is in use at the time the update will not be able to replace it fully until the system is rebooted.
- SOSCOMP, 2 years ago, New Contributor
We did that last week when we found out about the release - it did not help. Please see all of my previous posts in this thread. So far the only thing working is to uninstall and reinstall LogMeIn.
2 out of 140 PCs done 😞 Please help.
- ProCentPM, 2 years ago, GoTo Contributor
Hey!
Last Tuesday we released a new host version that is slowly being deployed to customers. You can update manually to this latest version that contains the fix for the issue detected by ESET.
- SOSCOMP, 2 years ago, New Contributor
Hi - just checking to see if you know if the LMI team is working on a fix - thanks!