DCE/RPC Inspectors
A Remote Procedure Call (RPC) enables a program on one system (computer) to invoke a procedure or function on a different system. RPC is a network protocol that the calling program (client) uses to communicate with the service on the system (server) that implements the called procedure. DCE/RPC is a protocol that enables the RPC feature in a Distributed Computing Environment (DCE) system. Microsoft’s implementation of the DCE/RPC protocol is referred to as MSRPC.
In recent years, the DCE/RPC protocol has been used as an attack vector by bad actors. Recently noted DCE/RPC-related vulnerabilities include the PrintNightmare vulnerabilities (CVE-2021-1675 and CVE-2021-34527), the zero-click exploit targeting Microsoft RPC services (CVE-2022-26809), and the out-of-bounds write vulnerability in vCenter Server (CVE-2023-34048).
Detecting the exploits and attacks against the DCE/RPC protocol is important. The DCE/RPC inspectors...