Changing IDExpert Windows Logon Agent Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the IDExpert Windows Logon Agent, specifically in versions 2.7.3.230719 through 2.8.4.250925. This vulnerability allows unauthenticated remote attackers to manipulate the system into downloading and executing arbitrary DLL files from a remote source. The issue arises from a default configuration problem in the WinLogon installation package, which could be exploited by malicious actors.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system, with the executed code running in the context of the user account under which the IDExpert Windows Logon Agent is running.

Remediation

Users of the IDExpert Windows Logon Agent should immediately update to the latest version. A patch is available for download from the Changing Technology website. Instructions for applying the patch can be found in the patch readme, also available on the Changing Technology website.