The IDExpert Windows Logon Agent is susceptible to a critical remote code execution flaw that allows unauthenticated attackers to execute malicious DLLs on target systems.

The software contains a Remote Code Execution (RCE) vulnerability. An unauthenticated attacker can remotely force the system to download arbitrary DLL files from a malicious source and execute them, bypassing standard security boundaries.

The impact of this vulnerability is critical, as it allows for unauthorized code execution at the system level without requiring user interaction or credentials. This could lead to the total compromise of sensitive authentication infrastructure and the theft of user credentials. The CVSS score of 9.8 underscores the extreme risk to organizational security and business continuity.

Immediate Action: Apply the latest security updates for IDExpert Windows Logon Agent as provided by the vendor to mitigate this RCE risk.

Proactive Monitoring: Inspect system logs for the loading of unsigned or suspicious DLLs and monitor for unusual network activity originating from the logon agent service.

Compensating Controls: Implement strict firewall rules to prevent the logon agent from initiating connections to untrusted external domains and employ application whitelisting.

Public Exploit Available: false

Given the Critical severity and the potential for complete system takeover, IT administrators should treat this as a top-priority patching task. Immediate remediation is necessary to protect Windows logon environments from remote compromise.