Blog Security Research Exploring Three Remote Code Execution Vulnerabilities in RPC Runtime Ben Barnea is a Security Researcher at Akamai with interest and experience in conducting low-level security research and vulnerability research across various architectures, including Windows, Linux, IoT, and mobile. He enjoys learning how complex mechanisms work and, more important, how they fail. Executive summary \r\n Akamai researcher Ben Barnea found three important vulnerabilities in Microsoft Windows RPC runtime that were assigned CVE-2023-24869 , CVE-2023-24908 , and CVE-2023-23405 , all with a base score of 8.1. \r\n \r\n The vulnerabilities can lead to remote code execution. Since the RPC runtime library is loaded into all RPC servers, and these are commonly used by Windows services, all Windows versions (Desktop and Server) are affected. \r\n \r\n The vulnerabilities are integer overflows in three data structures used by the RPC runtime.…