From e2c04b233e19090787f0371a3a0ab87afefd5fc8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 9 Feb 2026 06:28:29 +0000 Subject: [PATCH 1/2] Initial plan From 05e9e158977287b73a72455900661260470f514f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 9 Feb 2026 06:34:34 +0000 Subject: [PATCH 2/2] Fix DLL injection vulnerability from Astrill VPN Remove LOAD_LIBRARY_SEARCH_USER_DIRS flag from SetDefaultDllDirectories to prevent third-party DLL injection. This fixes crashes caused by Astrill VPN's ASProxy64.dll being injected into RustDesk process. Fixes: https://github.com/rustdesk/rustdesk/discussions/7010#discussioncomment-15739560 Co-authored-by: 21pages <14891774+21pages@users.noreply.github.com> --- src/platform/windows.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/platform/windows.rs b/src/platform/windows.rs index c40e87441e1..84fced0cfe9 100644 --- a/src/platform/windows.rs +++ b/src/platform/windows.rs @@ -34,7 +34,7 @@ use std::{ }; use wallpaper; #[cfg(not(debug_assertions))] -use winapi::um::libloaderapi::{LoadLibraryExW, LOAD_LIBRARY_SEARCH_USER_DIRS}; +use winapi::um::libloaderapi::LoadLibraryExW; use winapi::{ ctypes::c_void, shared::{minwindef::*, ntdef::NULL, windef::*, winerror::*}, @@ -1886,7 +1886,9 @@ unsafe fn set_default_dll_directories() -> bool { } type SetDefaultDllDirectories = unsafe extern "system" fn(DWORD) -> BOOL; let func: SetDefaultDllDirectories = std::mem::transmute(func); - if func(LOAD_LIBRARY_SEARCH_SYSTEM32 | LOAD_LIBRARY_SEARCH_USER_DIRS) == FALSE { + // Only search system directories to prevent DLL injection from third-party software + // such as Astrill VPN (ASProxy64.dll). See: https://github.com/rustdesk/rustdesk/discussions/7010#discussioncomment-15739560 + if func(LOAD_LIBRARY_SEARCH_SYSTEM32) == FALSE { eprintln!( "SetDefaultDllDirectories failed: {}", io::Error::last_os_error()