Lenovo Security Advisory: LEN-10150
Potential Impact: Local privilege escalation
Severity: High
**Scope of Impact:**Lenovo specific
**CVE Identifier:**CVE-2016-8223
Summary Description:
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.
Lenovo System Interface Foundation (which runs in Windows Task Manager as a service called Lenovo.Modern.ImController.exe or Lenovo.Modern.ImController.PluginHost.exe) is a Lenovo-developed software utility that provides system level functionality such as services, drivers and helper applications to other Lenovo software apps and services on Windows 10 systems, including Lenovo Companion, Lenovo Settings and Lenovo ID.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to the latest version of Lenovo System Interface Foundation (version 1.0.67.0 or later). This will be done automatically as of October 18, 2016 unless users have manually disabled automatic updates. Users can also manually update by downloading the version at the link below:
<http://support.lenovo.com/downloads/ds105970>
To check your version of Lenovo System Interface Foundation, follow the steps below: