CVE-2023-4632: Local Privilege Escalation in Lenovo System Updater
Malware Analysis, News and Indicators - Latest topics malware.news
Version: Lenovo Updater Version <= 5.08.01.0009
Operating System Tested On: Windows 10 22H2 (x64)
Vulnerability: Lenovo System Updater Local Privilege Escalation via Arbitrary File Write
Advisory: https://support.lenovo.com/us/en/product_security/LEN-135367
Vulnerability Overview
The Lenovo System Update application is designed to allow non-administrators to check for and apply updates to their workstation. During the process of checking for updates, the privileged Lenovo Update application attempts to utilize C:\SSClientCommon\HelloLevel_9_58_00.xml, which doesn’t exist on the filesystem. Due to the ability for any low-privileged user to …