Lenovo Security Advisory: LEN-2015-017
**Potential Impact:** Privilege Escalation
**Severity:** Medium
Summary:
Lenovo Fingerprint Manager has a local privilege escalation vulnerability. This vulnerability cannot be remotely exploited. A local user logged in to the PC could escalate their privileges by running an executable with administrator rights.
Description:
Lenovo Fingerprint Manager software has a known issue where malicious users may invalidate local checks because of insecure and incorrect access control lists on services and files within the Lenovo Fingerprint Manager application.
Mitigation Strategy for Customers (what you should do to protect yourself):
There are several ways you can protect yourself. Lenovo recommends that you take one of the following steps:
- Starting from April 15, 2015, run Lenovo System Update and install the recommended Fingerprint Manager software update.
- Make sure you have the latest version of the software installed on your computer. The minimum version of Fingerprint Manager that corrects the problem is version 8.01.42 or later. You can find the latest version of the software at http://support.lenovo.com/downloads/ds034486.
Alternatively, if you are not using the Fingerprint Manager, you may uninstall this software using the following steps:
Product Impact:
The following products may be affected:
To determine if you are affected, open Control Panel and go to Add/Remove Programs. If you are running a version earlier than 8.01.42, please update to the latest version of Fingerprint Manager using the steps in the Mitigation Strategy section.
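The same check can be scripted across a fleet. The following PowerShell is an added example, not Lenovo's code; it reads the uninstall registry entries that Add/Remove Programs displays and compares the version against 8.01.42. The display-name pattern `*Fingerprint Manager*` and the function name `Test-FingerprintManagerVersion` are assumptions made for illustration.

```powershell
# Added example: report whether an installed Fingerprint Manager predates the fixed version.
# Assumption: the product's DisplayName in the uninstall registry contains "Fingerprint Manager".
$FixedVersion = [version]'8.01.42'       # minimum corrected version, from the advisory
$NamePattern  = '*Fingerprint Manager*'  # assumed display-name match; adjust if needed

# Registry locations behind Add/Remove Programs (64-bit and 32-bit views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: classify a DisplayVersion string against the fixed version.
function Test-FingerprintManagerVersion {
    param([string]$DisplayVersion, [version]$Minimum = $FixedVersion)
    $parsed = $null
    # Missing or non-numeric version strings cannot be compared; flag them for manual review.
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return 'Unknown' }
    if ($parsed -lt $Minimum) { return 'Affected' }
    return 'Fixed'
}

$found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $found) {
    Write-Output 'Fingerprint Manager not found in installed programs.'
} else {
    $found | ForEach-Object {
        [pscustomobject]@{
            Name    = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = Test-FingerprintManagerVersion -DisplayVersion $_.DisplayVersion
        }
    }
}
```

Entries reported as `Affected` or `Unknown` should be updated or verified by hand using the steps in the Mitigation Strategy section.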
Acknowledgements:
Lenovo would like to thank Jon Coller of The University of Saskatchewan for reporting this issue.
Other information and references:
Revision | Date | Description
---|---|---
1.1 | 05/27/2015 | Updated Summary description
1.0 | 05/08/2015 | Initial release