Important Security Fix in RdpGuard: Custom Actions Restricted to Administrators
RdpGuard
Intrusion prevention system for your Windows Server
 

Security Fix: Custom Actions Now Require Admin Privileges


About the Issue

In previous versions of RdpGuard (up to 9.9.9), it was possible for non-administrative local users to open the RdpGuard UI and configure a Custom Action that executed an external program or script.

These actions were executed by the RdpGuard service, which runs under NT AUTHORITY\SYSTEM. As a result, a local attacker could execute arbitrary code with full system privileges.

This issue allowed privilege escalation from a standard user to SYSTEM.


How the Issue Was Fixed

Starting with version 10.0.5, the ability to edit or test Custom Actions has been restricted to users with administrator privileges only.

The RdpGuard UI now verifies the user's access level and blocks all attempts to configure or execute Custom Actions if the user is not a member of the local Administrators group.

Additionally, the RdpGuard service now checks the security context of clients communicating via IPC and refuses commands originating from non-administrative users.

This change effectively closes the privilege escalation vector.
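The service-side check described above can be sketched as follows. This is an added example, not RdpGuard's code. It assumes a named pipe as the IPC transport and a line-based command protocol; the page does not say which mechanism RdpGuard uses, and the pipe name and command verbs are hypothetical.

```csharp
using System;
using System.IO;
using System.IO.Pipes;
using System.Security.Principal;

static class AdminOnlyIpcExample
{
    // Hypothetical pipe name and command verbs, not RdpGuard's real protocol.
    const string PipeName = "example-guard-control";
    static readonly string[] PrivilegedVerbs = { "SET_CUSTOM_ACTION", "TEST_CUSTOM_ACTION" };

    static bool IsPrivileged(string command) =>
        Array.Exists(PrivilegedVerbs, v => command.StartsWith(v, StringComparison.Ordinal));

    // Impersonate the connected client and test its token for the built-in
    // Administrators group. A UAC-filtered (non-elevated) token returns false.
    static bool ClientIsAdministrator(NamedPipeServerStream pipe)
    {
        bool isAdmin = false;
        try
        {
            pipe.RunAsClient(() =>
            {
                using (WindowsIdentity id = WindowsIdentity.GetCurrent())
                    isAdmin = new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
            });
        }
        catch (Exception) { isAdmin = false; } // fail closed if impersonation fails
        return isAdmin;
    }

    static void Main()
    {
        while (true)
            using (var pipe = new NamedPipeServerStream(PipeName, PipeDirection.InOut, 1))
            {
                pipe.WaitForConnection();
                var reader = new StreamReader(pipe);
                var writer = new StreamWriter(pipe) { AutoFlush = true };
                // Data must be read from the pipe before the client can be impersonated.
                string command = reader.ReadLine();
                if (command == null) continue;
                // Authorize inside the service; a check made only in the UI can be bypassed.
                bool allowed = !IsPrivileged(command) || ClientIsAdministrator(pipe);
                writer.WriteLine(allowed ? "OK" : "DENIED: administrator required");
            }
    }
}
```

The decision is made from the caller's token as seen by the service, so a client that skips the UI and talks to the IPC endpoint directly is still refused.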

Figure: Custom Actions dialog when opened without administrator privileges; all modification options are disabled.

Copyright © 2012-2025 NetSDK Software. All rights reserved.  Terms of Use.  Privacy Policy.