Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809
Researchers: https://twitter.com/KunlunLab
The Remote Procedure Call (RPC) is used everywhere in windows system. In 2021 BugHunter010 at Cyber KunLun Lab discovered a heap-buffer-overflow vulnerablity in RPC protocol with CVSS score 9.8. This bug has existed in windows system for more than 20 years and could be exploited in various places/ways to achieve unauthenticated remote code execution/priviledge escalation.