Skip to content

Instantly share code, notes, and snippets.

@t3hcr
Created January 6, 2022 19:23
Show Gist options
  • Save t3hcr/9f8d4a2ed30fb0cdacb2fe10f6c4c2ac to your computer and use it in GitHub Desktop.
Save t3hcr/9f8d4a2ed30fb0cdacb2fe10f6c4c2ac to your computer and use it in GitHub Desktop.
Checking and updating Lenovo ImController version with PowerShell
<#
CONTEXT:
- https://heimdalsecurity.com/blog/lenovo-laptops-vulnerable-to-privilege-escalation-exploit/
- https://support.lenovo.com/cy/en/product_security/len-75210
On default installs, ImController is located at:
\\$ComputerName\C$\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
Per the article and advisory, versionf of ImController 1.1.20.2 and earlier are vulnerable.
You can query this remotely and interact with the service through PowerShell. Examples below:
#>
## Query a computer for ImController version
$ComputerName = "SomeComputer"
(Get-ItemProperty '\\$ComputerName\C$\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe').VersionInfo
<#
Returned data:
ProductVersion FileVersion FileName
-------------- ----------- --------
1.1.20.3 1.1.20.3 \\$ComputerName\C$\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
#>
## Per the Lenovo advisory article (see CONTEXT at top):
## "The Lenovo IMController software component is automatically updated by the Lenovo System Interface Foundation Service.
## To immediately start the update process, reboot the computer or restart the "System Interface Foundation Service" service."
##
## Personally, I was able to restart the service - no system reboot - and the software updated automatically.
# Check service
Invoke-Command -ComputerName $ComputerName {Get-Service -DisplayName "System Interface Foundation Service"}
# Restart service
Invoke-Command -ComputerName $ComputerName {Get-Service -DisplayName "System Interface Foundation Service" | Restart-Service}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment