t3hcr/Check_and_update_Lenovo_ImController.ps1

## Check_and_update_Lenovo_ImController.ps1
<#
CONTEXT:
- https://heimdalsecurity.com/blog/lenovo-laptops-vulnerable-to-privilege-escalation-exploit/
- https://support.lenovo.com/cy/en/product_security/len-75210

On default installs, ImController is located at:
\\$ComputerName\C$\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe

Per the article and advisory, versionf of ImController 1.1.20.2 and earlier are vulnerable.

You can query this remotely and interact with the service through PowerShell. Examples below:
#>

## Query a computer for ImController version
$ComputerName = "SomeComputer"

(Get-ItemProperty '\\$ComputerName\C$\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe').VersionInfo

<#
Returned data:

ProductVersion   FileVersion      FileName
--------------   -----------      --------
1.1.20.3         1.1.20.3         \\$ComputerName\C$\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
#>

## Per the Lenovo advisory article (see CONTEXT at top):
## "The Lenovo IMController software component is automatically updated by the Lenovo System Interface Foundation Service.
## To immediately start the update process, reboot the computer or restart the "System Interface Foundation Service" service."
##
## Personally, I was able to restart the service - no system reboot - and the software updated automatically.

# Check service
Invoke-Command -ComputerName $ComputerName {Get-Service -DisplayName "System Interface Foundation Service"}

# Restart service
Invoke-Command -ComputerName $ComputerName {Get-Service -DisplayName "System Interface Foundation Service" | Restart-Service}
	<#
	CONTEXT:
	- https://heimdalsecurity.com/blog/lenovo-laptops-vulnerable-to-privilege-escalation-exploit/
	- https://support.lenovo.com/cy/en/product_security/len-75210

	On default installs, ImController is located at:
	\\$ComputerName\C$\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe

	Per the article and advisory, versionf of ImController 1.1.20.2 and earlier are vulnerable.

	You can query this remotely and interact with the service through PowerShell. Examples below:
	#>

	## Query a computer for ImController version
	$ComputerName = "SomeComputer"

	(Get-ItemProperty '\\$ComputerName\C$\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe').VersionInfo

	<#
	Returned data:

	ProductVersion FileVersion FileName
	-------------- ----------- --------
	1.1.20.3 1.1.20.3 \\$ComputerName\C$\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
	#>

	## Per the Lenovo advisory article (see CONTEXT at top):
	## "The Lenovo IMController software component is automatically updated by the Lenovo System Interface Foundation Service.
	## To immediately start the update process, reboot the computer or restart the "System Interface Foundation Service" service."
	##
	## Personally, I was able to restart the service - no system reboot - and the software updated automatically.

	# Check service
	Invoke-Command -ComputerName $ComputerName {Get-Service -DisplayName "System Interface Foundation Service"}

	# Restart service
	Invoke-Command -ComputerName $ComputerName {Get-Service -DisplayName "System Interface Foundation Service" \| Restart-Service}