No Patch for New PhantomRPC Privilege Escalation Technique in Windows
A fake RPC server can be used to listen for RPC requests and impersonate the target service to elevate privileges to System.
A vulnerability in the Windows Remote Procedure Call (RPC) mechanism allows attackers to elevate their privileges to System, Kaspersky reports.
The local privilege escalation issue potentially affects all Windows versions and abuses another legitimate Windows mechanism, where processes are allowed to impersonate other processes to perform specific actions.
The root cause of the security defect, which Kaspersky researcher Haidar Kabibo named PhantomRPC, is an architectural weakness, potentially turning any process that depends on RPC into a possible escalation path.
Source: https://www.securityweek.com/no-patch-for-new-phantomrpc-privilege-escalation-technique-in-windows/
Related breach coverage
- Incomplete Windows Patch Opens Door to Zero-Click Attacks (2026-04-27)
The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries.
- ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover (2026-04-30)
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions.
- Iranian Cyber Group Handala Targets US Troops in Bahrain (2026-04-29)
US service members received WhatsApp messages claiming they would be targeted with drones and missiles.
- Critical GitHub Vulnerability Exposed Millions of Repositories (2026-04-29)
The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server.
