Product Communities
Sign In Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Getting started | Community guidelines
HappyHippo
Active Contributor

Security Vulnerability within LMInfo.sys

Hi,

 

I have tried to log a support case but the page is constantly reloading therefore I need to post here.

 

Our endpoint security product has detected the lmiinfo.sys as being an potentially unsafe application. Having looked into this, we can see a PoC to exploit this vulnerability for privilege escalation to SYSTEM permissions. https://github.com/alfarom256/LogMeInPoCHandleDup 

 

We have checked and there's no update available for the LogMeIn clients. 

 

Could you please confirm when this will be patched and whether there's any action required on our side?

 

Files:

C:/Program Files (x86)/LogMeIn/x64/lmiinfo.sys  EAC1B9E1848DC455ED780292F20CD6A0C38A3406

C:/Windows/System32/drivers/LMIInfo.sys EAC1B9E1848DC455ED780292F20CD6A0C38A3406

C:/Windows/System32/drivers/LMIInfo.sys.000.bak EAC1B9E1848DC455ED780292F20CD6A0C38A3406

 

Thanks,

 

‎02-16-2024 06:47 AM
0 Kudos
Reply
35 REPLIES 35
KateG
GoTo Moderator
GoTo Moderator

Re: Security Vulnerability within LMInfo.sys

@HappyHippo Good to see you and thanks for calling this out. 

 

Our team  is currently looking into this, we will post an update when we hear more. 

 


Kate is a member of the GoTo Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!


Free new user and admin training
‎02-16-2024 02:39 PM
0 Kudos
Reply
HappyHippo
Active Contributor

Re: Security Vulnerability within LMInfo.sys

Thanks Kate.
‎02-19-2024 04:45 AM
0 Kudos
Reply
lmiuser12
New Contributor

Re: Security Vulnerability within LMInfo.sys

We having the same issue.  Is there any update on this?

‎02-19-2024 04:55 AM
Reply
HappyHippo
Active Contributor

Re: Security Vulnerability within LMInfo.sys

Hi Kate,

Do you have any update to share on this? We have also received the same for the rainfo.sys file from LogMeIn - I believe related to the same vulnerability.

C:/Program Files (x86)/LogMeIn/x64/rainfo.sys
D0415ADE5501A645D8A43A0A90AB32A312BD4605

We kindly await for an update and hopefully a date for remediation.

Thanks
‎02-22-2024 03:51 AM
0 Kudos
Reply
KateG
GoTo Moderator
GoTo Moderator

Re: Security Vulnerability within LMInfo.sys

Hi @lmiuser12@HappyHippo good to talk with you both. 

 

It’s currently being worked on still and we will begin releasing updates as they become ready. We have to test and make sure each component we update doesn’t introduce any new issues. 

 

I do understand this is of concern. I'll update as I learn further, please feel free to check in as well. Thanks! 


Kate is a member of the GoTo Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!


Free new user and admin training
‎02-22-2024 02:19 PM
0 Kudos
Reply
ESETtest01
Visitor

Re: Security Vulnerability within LMInfo.sys

Hi Kate,

It's been a few days since the question asked. Did the development team manage to make an update?

 

Thanks in advance!

‎03-04-2024 06:32 AM
0 Kudos
Reply
GlennD
GoTo Manager
GoTo Manager

Re: Security Vulnerability within LMInfo.sys

@ESETtest01 An update has not been released yet, the team is continuing work on this as a high priority. My understanding is there is more than one component to update and we need to test and confirm that no new issues are introduced. We will post announce the update here in the community once it is ready to release.

 

 

Glenn is a member of the GoTo Community Care Team.

Was your question answered? Please mark it as an Accepted Solution.
Was a post helpful or informative? Give it a Kudo!.
Do you want a new feature added? Make sure you Kudo (vote) for the Idea

Free user and admin training
‎03-04-2024 01:31 PM
0 Kudos
Reply
alfarom256
Visitor

Re: Security Vulnerability within LMInfo.sys

Thanks for the update.

‎03-04-2024 01:40 PM
0 Kudos
Reply
ProCentPM
GoTo Contributor
GoTo Contributor

Re: Security Vulnerability within LMInfo.sys

Folks,

 

FYI: A fix is on its way. It will be released on the 12th of March. 

‎03-11-2024 10:00 AM
0 Kudos
Reply
About Us
Terms of Service
NEW Privacy Policy
Trademark
© 2024 LogMeIn, Inc. All Rights Reserved