CVE-2026-2999

Changing · IDExpert Windows Logon Agent

A remote code execution vulnerability in IDExpert Windows Logon Agent allows unauthenticated attackers to force arbitrary file downloads and execution from remote sources.

Executive summary

Unauthenticated remote attackers can achieve full system compromise on hosts running IDExpert Windows Logon Agent by forcing the execution of malicious remote files.

Vulnerability

This is a Remote Code Execution (RCE) vulnerability. It allows an unauthenticated remote attacker to manipulate the agent into downloading arbitrary executable files from an attacker-controlled remote source and executing them with system-level privileges.

Business impact

A successful exploit grants an attacker the ability to execute arbitrary code, leading to complete takeover of the affected Windows workstation or server. This presents a severe risk of data exfiltration, ransomware deployment, and lateral movement within the corporate network. The CVSS score of 9.8 reflects the critical nature of this flaw due to the lack of required authentication and high impact on system integrity.

Remediation

Immediate Action: Update the IDExpert Windows Logon Agent to the latest available version provided by Changing to close the execution vector.

Proactive Monitoring: Monitor network traffic for unauthorized outbound connections from logon agents to unknown external IP addresses, and review Windows event logs for unexpected process creations.

Compensating Controls: Restrict outbound internet access for internal agents to only known-good update servers and utilize Endpoint Detection and Response (EDR) tools to block unauthorized file executions.
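
One way to act on the Proactive Monitoring item, as an added example that is not from the advisory or the vendor: correlate an outbound connection by the agent to a non-allowlisted address with a process the agent spawns shortly afterwards. The agent image path, the allowlisted range, the five-minute window and the Sysmon-style sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Placeholders, not values from the advisory: replace with the agent's real
# image path and your approved update-server ranges.
AGENT_IMAGE = r"C:\Program Files\PLACEHOLDER\logon-agent.exe"
ALLOWED_NETS = [ip_network("192.0.2.0/24")]  # documentation range, assumed
WINDOW = timedelta(minutes=5)                # assumed correlation window

def _ts(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def _allowed(ip):
    return any(ip_address(ip) in net for net in ALLOWED_NETS)

def find_download_exec(events):
    """Pair each process the agent spawns with a connection the agent made to a
    non-allowlisted address on the same host within WINDOW beforehand."""
    agent = AGENT_IMAGE.lower()
    conns = [e for e in events
             if e["EventID"] == 3 and e["Image"].lower() == agent
             and not _allowed(e["DestinationIp"])]
    hits = []
    for proc in events:
        if proc["EventID"] != 1 or proc["ParentImage"].lower() != agent:
            continue
        for conn in conns:
            delta = _ts(proc) - _ts(conn)
            if conn["Computer"] == proc["Computer"] and timedelta(0) <= delta <= WINDOW:
                hits.append((conn, proc))
                break
    return hits

# Constructed records using Sysmon field names (Event ID 3 = network
# connection, Event ID 1 = process creation); not real telemetry.
SAMPLE = [
    {"EventID": 3, "Computer": "WS01", "UtcTime": "2026-01-10 08:00:00.000",
     "Image": AGENT_IMAGE, "DestinationIp": "192.0.2.10"},
    {"EventID": 1, "Computer": "WS01", "UtcTime": "2026-01-10 08:00:30.000",
     "ParentImage": AGENT_IMAGE, "Image": r"C:\Program Files\PLACEHOLDER\helper.exe"},
    {"EventID": 3, "Computer": "WS02", "UtcTime": "2026-01-10 09:15:00.000",
     "Image": AGENT_IMAGE, "DestinationIp": "203.0.113.50"},
    {"EventID": 1, "Computer": "WS02", "UtcTime": "2026-01-10 09:15:40.000",
     "ParentImage": AGENT_IMAGE, "Image": r"C:\Windows\Temp\constructed.exe"},
    {"EventID": 3, "Computer": "WS03", "UtcTime": "2026-01-10 10:00:00.000",
     "Image": AGENT_IMAGE, "DestinationIp": "198.51.100.7"},
    {"EventID": 1, "Computer": "WS03", "UtcTime": "2026-01-10 12:30:00.000",
     "ParentImage": AGENT_IMAGE, "Image": r"C:\Windows\System32\cmd.exe"},
]
```

On the sample, only WS02 is reported: WS01 contacted an allowlisted server, and the WS03 process started well outside the correlation window.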

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability is categorized as Critical and requires immediate attention from security teams. Organizations using Changing's IDExpert solution must prioritize the deployment of the vendor's patch to prevent unauthenticated remote code execution.