Named pipe and MSRPC
MSRPC: all RPC services running inside a process can be reached using any opened endpoint
- Most Windows services run RPC services and are executed in shared processes (lsass.exe, services.exe, svchost.exe)
RPC services need to register a security callback function to avoid this vulnerability
- The security callback function must verify if the expected endpoint was used
- RpcServerRegisterIf2() and RpcServerRegisterIfEx() APIs
- http://msdn.microsoft.com/library/en-us/rpc/rpc/be_wary_of_other_rpc_endpoints_running_in_the_same_process.asp
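The endpoint check such a callback performs, as an added example in portable C (not code from the slides or from Microsoft): it parses an RPC string binding of the form `[uuid@]protseq:netaddr[endpoint,options]` and denies any call that did not arrive on the expected protocol sequence and endpoint, failing closed on malformed input. The names `check_endpoint`, `field_eq` and `ACCESS_*` and the sample bindings are hypothetical; on Windows the string would come from RpcBindingToStringBinding() on the binding handle passed to the callback, and the example assumes the runtime reports the endpoint there (pass NULL to check only the protocol sequence).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ACCESS_OK     0   /* stands in for RPC_S_OK */
#define ACCESS_DENIED 5   /* stands in for RPC_S_ACCESS_DENIED */

/* Case-insensitive compare of a length-delimited field against a C string. */
static int field_eq(const char *f, size_t n, const char *want)
{
    if (strlen(want) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)f[i]) != tolower((unsigned char)want[i]))
            return 0;
    return 1;
}

/* Decide whether a call that arrived on `binding` may reach the interface.
 * binding: string binding "[uuid@]protseq:netaddr[endpoint,options]".
 * want_endpoint may be NULL to check only the protocol sequence.
 * Anything that cannot be parsed is denied. */
int check_endpoint(const char *binding, const char *want_protseq,
                   const char *want_endpoint)
{
    if (!binding || !want_protseq) return ACCESS_DENIED;
    const char *p = strchr(binding, '@');       /* skip optional object UUID */
    p = p ? p + 1 : binding;
    const char *colon = strchr(p, ':');
    if (!colon || !field_eq(p, (size_t)(colon - p), want_protseq))
        return ACCESS_DENIED;                   /* wrong or missing protseq */
    if (!want_endpoint) return ACCESS_OK;
    const char *lb = strchr(colon, '[');
    if (!lb) return ACCESS_DENIED;              /* no endpoint reported */
    const char *end = lb + 1 + strcspn(lb + 1, ",]");
    if (*end == '\0') return ACCESS_DENIED;     /* unterminated bracket */
    return field_eq(lb + 1, (size_t)(end - lb - 1), want_endpoint)
               ? ACCESS_OK : ACCESS_DENIED;
}

int main(void)
{
    /* Constructed sample bindings, not taken from the slide. */
    const char *want = "\\pipe\\example_svc";
    printf("%d %d\n",
           check_endpoint("ncacn_np:srv[\\pipe\\example_svc]", "ncacn_np", want),
           check_endpoint("ncacn_ip_tcp:10.0.0.5[49152]", "ncacn_np", want));
    return 0;
}
```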