Access Connections Privilege Escalation

2016-06-20T00:00:00
ID LENOVO:PS500016-NOSID
Type lenovo
Reporter Lenovo
Modified 2016-06-20T00:00:00

Description

Lenovo Security Advisory: LEN-2015-033
Potential Impact: Escalation of Privileges
Severity: High

Summary:
ThinkVantage Access Connections contains a vulnerability that may allow a local user to escalate their privilege level.

Description:
This vulnerability can be exploited by a user with local access to the machine. A service used in ThinkVantage Access Connections attempts to load a DLL in a way that could allow a standard user to run code with escalated privileges on the host. This can only occur if the user can write the DLL to a directory that is in their PATH system variable.

Mitigation Strategy for Customers (what you should do to protect yourself):
Update ThinkVantage Access Connections to the latest version 6.25.65 or above.

To determine the currently installed version:

  1. Start the ThinkVantage Access Connections. The main screen will be displayed.
  2. In the menu bar, click Help, and then click About Access Connections. The version will be displayed next to ThinkVantage Access Connections.

For Windows 7, the update is available here:

http://support.lenovo.com/us/en/downloads/ds013683

Download the README file and follow the instructions to update to the latest version of Access Connections.

Product Impact:
ThinkVantage Access Connections versions earlier than 6.25.65

Acknowledgements:
We would like to thank Owen Shearing from 7Safe for reporting this vulnerability

Revision History:

Revision

|

Date

|

Description

---|---|---
1.0 | 08/14/2015 | Initial Release