A critical remote code execution vulnerability in the BarTender .NET Remoting service allows unauthenticated attackers to gain system-level control over the host server.

The vulnerability exists in the .NET Remoting service exposed on TCP port 7375. Due to unsafe configuration of the TypeFilterLevel to "Full," an unauthenticated remote attacker can exploit object unmarshalling to execute arbitrary code, manipulate files, or coerce NTLMv2 authentication.

With a CVSS score of 9.8, this flaw represents a total compromise of the host server. Because the service runs as NT AUTHORITY\SYSTEM, attackers gain the highest level of system privileges, enabling them to install persistent backdoors, steal sensitive credentials, and move laterally across the entire organization's network.

Immediate Action: Update BarTender to the latest patched version provided by the vendor.

Proactive Monitoring: Monitor TCP port 7375 for unexpected traffic and review system logs for suspicious process creation or unauthorized file access.

Compensating Controls: Use firewall rules to restrict access to TCP port 7375 to only authorized internal machines, preventing external or unauthorized network segments from reaching the service.

Public Exploit Available: Not specified

This is an extremely high-risk vulnerability that requires immediate attention. All affected BarTender installations should be updated, and network access to the Remoting service should be strictly limited until the patch is applied.