Cybersecurity researchers uncovered a significant vulnerability in Microsoft's Windows RPC protocol, which allows attackers to perform spoofing and impersonation attacks. The issue was patched in July 2025, but it highlights weaknesses in RPC and EPM security that could be exploited for privilege escalation. #CVE-2025-49760 #RPCVulnerability
Keypoints
- An unspecified security flaw in Windows RPC protocol enabled spoofing and impersonation attacks before it was patched.
- The vulnerability allows attackers to manipulate core RPC components, staging EPM poisoning to impersonate legitimate servers.
- An attacker can register interfaces of core services and hijack client connections, leading to privilege escalation.
- Tools like RPC-Racer and Certipy can be used to detect or exploit these RPC security weaknesses.
- Monitoring calls to RpcEpRegister and using Event Tracing for Windows can help detect EPM poisoning attempts.
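
The monitoring idea in the last key point, as an added example (not code from the researchers or from any tool named above): it flags endpoint registrations where a protected interface is registered by an unexpected process image, or by more than one image. The event format, interface UUIDs, paths and function name are constructed placeholders; collecting the registration events (for example via ETW) is assumed to happen elsewhere.

```python
import json

# Constructed baseline: interface UUID -> image expected to register it.
# UUIDs are placeholders, not real Windows interface identifiers.
EXPECTED_OWNER = {
    "00000000-aaaa-0000-0000-000000000001": r"c:\windows\system32\svchost.exe",
    "00000000-aaaa-0000-0000-000000000002": r"c:\windows\system32\lsass.exe",
}

# Constructed sample events, one JSON object per line. This is a simplified
# record format for the example, not a real ETW schema.
SAMPLE_EVENTS = r"""
{"ts": 1, "pid": 700, "image": "C:\\Windows\\System32\\svchost.exe", "interface": "00000000-AAAA-0000-0000-000000000001"}
{"ts": 2, "pid": 4321, "image": "C:\\Users\\Public\\tool.exe", "interface": "00000000-AAAA-0000-0000-000000000002"}
{"ts": 3, "pid": 650, "image": "C:\\Windows\\System32\\lsass.exe", "interface": "00000000-AAAA-0000-0000-000000000002"}
{"ts": 4, "pid": 5000, "image": "C:\\Program Files\\App\\app.exe", "interface": "00000000-AAAA-0000-0000-000000000003"}
"""


def find_suspicious_registrations(lines, expected=EXPECTED_OWNER):
    """Return (ts, reason, interface, image) tuples for registrations to review."""
    alerts = []
    seen = {}  # interface -> set of images that have already registered it
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        # UUIDs and Windows paths are case-insensitive: normalise both.
        iface = ev["interface"].lower()
        image = ev["image"].lower()

        # Rule 1: a baselined interface registered by some other image.
        owner = expected.get(iface)
        if owner is not None and image != owner:
            alerts.append((ev["ts"], "unexpected-owner", iface, image))

        # Rule 2: a second, different image registering the same interface
        # means the interface is contested, even if this image is the
        # legitimate one.
        registrants = seen.setdefault(iface, set())
        if registrants and image not in registrants:
            alerts.append((ev["ts"], "multiple-registrants", iface, image))
        registrants.add(image)
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_registrations(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

Interfaces absent from the baseline only trigger the second rule, so the baseline should cover the core services whose interfaces matter most.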
Read More: https://thehackernews.com/2025/08/researchers-detail-windows-epm.html