Windows Communication Foundation (WCF) is a framework for building service-oriented applications in the .NET Framework. A trend that the VerSprite Research team noticed in .NET services is the exposure of dangerous methods through insecure WCF endpoints. Most of these services are started automatically as LocalSystem, which is the highest user privilege level available.
This results in a situation where a WCF endpoint may become a gateway for normal users to abuse privileged service methods.
Download this presentation for a high-level overview of the WCF terminals and receive a practical analysis.