Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-17-2021 11:19 AM
Hi,
We are trying to figure out a way to create a report that would find any devices in our environment that is not running the latest version of the ImControllerService component of the Lenovo System Interface Foundation.
I know that we can manually check to see if we are on the correct version on the machine itself, but need a way to create a report so we can check all machines.
To find what version you are on, you can do the below:
Users should all be on version 1.1.20.3 and anything below that is vulnerable.
2 CVE's have been released for this as below:
https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/
Can anyone assist with this?
We are trying to figure out a way to create a report that would find any devices in our environment that is not running the latest version of the ImControllerService component of the Lenovo System Interface Foundation.
I know that we can manually check to see if we are on the correct version on the machine itself, but need a way to create a report so we can check all machines.
To find what version you are on, you can do the below:
- Open File Explorer and navigate to C:\Windows\Lenovo\ImController\PluginHost\
Right click on Lenovo.Modern.ImController.PluginHost.exe and select Properties.
Click on the Details tab.
Read the File version.
Users should all be on version 1.1.20.3 and anything below that is vulnerable.
2 CVE's have been released for this as below:
https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/
Can anyone assist with this?
Labels:
- Labels:
-
General Discussion
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-17-2021 04:12 PM
As long as I'm not just skimming over something obvious, this should be easy to accomplish.
Scanning -> Scanning Targets -> Add File Scan -> C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
Rescan the devices (or one device, to test)
Individually the results will show up in Config -> Scanned Info -> File Info for each device.
For reporting you can do something like what I have below. It can be tightened up a bit, however I'm just copying a report we have to accomplish something similar.
Scanning -> Scanning Targets -> Add File Scan -> C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
Rescan the devices (or one device, to test)
Individually the results will show up in Config -> Scanned Info -> File Info for each device.
For reporting you can do something like what I have below. It can be tightened up a bit, however I'm just copying a report we have to accomplish something similar.
Select Top 1000000 tsysOS.Image As icon,
tblassets.AssetID,
tblassets.AssetName,
tblfileversions.Found,
tblfileversions.FilePathfull,
tblfileversions.FileVersion,
tblfileversions.CompanyName,
tblfileversions.Filesize,
tblfileversions.Lastchanged,
tblassets.Domain,
tblassets.Username,
tblassets.Userdomain,
tblassets.IPAddress,
tblassets.Description,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssetCustom.Location,
tsysIPLocations.IPLocation,
tsysOS.OSname As OS,
tblassets.SP As SP,
tblassets.Firstseen,
tblassets.Lastseen
From tblassets
Inner Join tblfileversions On tblassets.AssetID = tblfileversions.AssetID
Inner Join tblAssetCustom On tblassets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblassets.OScode
Left Join tsysIPLocations On tblassets.LocationID = tsysIPLocations.LocationID
Where tblfileversions.FilePathfull Like '%Lenovo.Modern.ImController.PluginHost.exe' And
tblassets.Assettype = -1
Order By tblassets.AssetName
