Synaptics Keyboard Driver Unprotected Debug Mode - us

Synaptics Keyboard Driver Unprotected Debug Mode

Lenovo Security Advisory: LEN-18507

**Potential Impact:**Loss of confidentiality local to system

Severity: Medium

Scope of Impact: Industry-wide

CVE Identifier: CVE-2017-17556

Summary Description:

A researcher discovered a vulnerability in Synaptics keyboard drivers used across the industry. Synaptics initially assessed there was no risk to Lenovo products and therefore did not inform Lenovo. However, once the vulnerability was made public and Lenovo inquired, Synaptics concluded action was needed.

To exploit the vulnerability, an attacker who had already obtained administrative privileges would set a hidden registry key to enable debug mode on the keyboard driver, causing it to capture all keystrokes to a WPP trace (Windows software trace preprocessor) for later retrieval. While this tool for driver and system developers is common, the problem in this case is inadequate protection.

Mitigation Strategy for Customers (what you should do to protect yourself):

Remediation for this issue has been merged with LEN-19151. Refer to security advisory LEN-19151 for details.

Prior to new drivers being available, users should follow best security practices by selecting the lowest necessary user permissions. Log in as a standard user rather than administrator whenever feasible, and consider carefully before approving unsolicited UAC (User Account Control) pop-ups requesting administrator rights.