This year, security researcher Yuki Chen (@guhe120) has found and reported 50+ server side remote code execution bugs in various components in Micorosft Windows, including the DNS Server, EFS, NFS, LDAP, SMB, RPC, RAS.
Since Microsoft Windows is a mature system which has been continuously researched by researchers all over the world for decades, finding bugs with such volume (50+) and severity (server-side remote code exeuction) in Windows in year 2022 is something epic. And we can’t find such a record in Microsoft’s security bulletin in the past years.
One example of these bugs is CVE-2022-26809, a pre-auth remote code execution bug in Windows RPC runtime with CVSS 9.8:
https://twitter.com/search?q=CVE-2022-26809
As soon as this bug was published in April 2022, it became hot topic among infosec community immediately and many researchers from different areas started to analyze the bug and tried to figure out the exploit. And this is only one of the 25 RCE bugs Yuki reported that month.