CVE-2019-17201
Description
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local attacker can bypass group policies in FastTrack Admin By Request 6.1.0.0 by directly communicating with the underlying service via its .NET named pipe to gain Administrator privileges.
Vulnerability
FastTrack Admin By Request 6.1.0.0 supports group policies intended to restrict which users can elevate to Administrator privilege. The elevation mechanism uses a .NET named pipe for communication between the AdminByRequest.exe interface and the underlying service (Audckq32.exe). The service relies on client-side validation in the interface to enforce access control, which means the service itself does not perform any local checks when an elevation request is received [1]. This design flaw exposes a vulnerable functionality that can be accessed by any process on the local machine.
Exploitation
An attacker with local access to a system running FastTrack Admin By Request 6.1.0.0 does not need any special privileges or group policy membership. By crafting a direct communication to the .NET named pipe used by the Audckq32.exe service, the attacker can bypass the AdminByRequest.exe interface entirely. The service will accept the elevation request without verifying the requesting user's credentials or group policy permissions [1][2]. No user interaction is required beyond the initial local access.
Impact
Successful exploitation allows an unprivileged attacker to obtain full Administrator privileges on the affected machine. This completely bypasses the group policies that were intended to restrict elevation, giving the attacker complete control over the system, including the ability to install software, modify system files, create new accounts, and perform any other administrative actions [2].
Mitigation
The vendor has not released a patch for version 6.1.0.0. The release notes from Admin By Request show that subsequent major versions (7.x and 8.x) are available, but the vulnerability was disclosed in version 6.1.0.0 and the fixed version is not clearly identified in the references [1]. Users should upgrade to a currently supported version of Admin By Request (7.4 or later) to ensure this bypass is addressed. No workaround is provided in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- FastTrack/Admin By Requestdescription
- Range: = 6.1.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.