A vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) protocol has been discovered that allows attackers to manipulate core system communications and launch sophisticated server spoofing attacks.
The flaw, designated CVE-2025-49760, enables unprivileged users to masquerade as legitimate system services and potentially escalate privileges or steal sensitive credentials.
https://gbhackers.com/windows-rpc-protocol-exploited/