FAQ - RCE - Event Tracing for Windows - Remote Procedure Call
How can an attacker exploit this vulnerability? An authenticated attacker could potentially take advantage of this vulnerability to execute malicious code through the Event Log's Remote Procedure Call (RPC) endpoint on the server-side.
FAQ
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ
What is a Remote Procedure Call? Remote Procedure Call (RPC) is a communication mechanism that allows computers to communicate with one another over a network. An RPC consists of a procedure identifier, parameters passed to the procedure, and a value returned to the caller (client computer) after the procedure has executed on the remote system (server computer). See Remote procedure call (RPC) for more information.
Mitigation
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: Access to the Event Log service endpoint is blocked by default and a firewall rule change is required to make the endpoint accessible from a locally triggered attack.