Lenovo Security Advisory: LEN-2015-033
Potential Impact: Escalation of Privileges
ThinkVantage Access Connections contains a vulnerability that may allow a local user to escalate their privilege level.
This vulnerability can be exploited by a user with local access to the machine. A service used in ThinkVantage Access Connections attempts to load a DLL in a way that could allow a standard user to run code with escalated privileges on the host. This can only occur if the user can write the DLL to a directory that is in their PATH system variable.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update ThinkVantage Access Connections to the latest version 6.25.65 or above.
To determine the currently installed version:
For Windows 7, the update is available here:
Download the README file and follow the instructions to update to the latest version of Access Connections.
ThinkVantage Access Connections versions earlier than 6.25.65
We would like to thank Owen Shearing from 7Safe for reporting this vulnerability
1.0 | 08/14/2015 | Initial Release