Windows RPC PhantomRPC local privilege escalation flaw

Vulnerability
Happening score: 0
1 unique source, 1 article

Summary

PhantomRPC is a flaw in Windows RPC that can let a local attacker elevate to System across all Windows versions, creating a high-impact privilege-escalation path. It abuses Windows impersonation behavior and the fact that the RPC runtime does not verify whether an RPC server is legitimate. Kaspersky researcher Haidar Kabibo showed that a fake RPC server can hijack requests meant for services such as TermService, Group Policy, Microsoft Edge, WDI, DHCP Client, and w32tm.exe. Microsoft classified the issue as moderate-severity and said it does not require immediate remediation.

Related Happenings

Windows cldflt.sys MiniPlasma privilege-escalation zero-day flaw

Vulnerability
First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Windows cldflt.sys privilege escalation (CVE-2020-17103)

Vulnerability
First: 18.05.2026 01:30 Last: 18.05.2026 01:30 Sources 1

About this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...

Microsoft Windows Autopatch fix for EU restricted driver update deployment bug

Security Tool/Service
First: 13.05.2026 17:36 Last: 13.05.2026 17:36 Sources 1

About this happening: **Microsoft** fixed a **Windows Autopatch** service bug that let **restricted driver updates** reach some managed devices in the **EU**, bypassing admin approval controls and crea...

Windows ikeext.dll double-free RCE (CVE-2026-33824)

Vulnerability
First: 13.05.2026 16:46 Last: 13.05.2026 16:46 Sources 1

About this happening: **CVE-2026-33824** is a **double-free flaw** in **Windows ikeext.dll** that can let an **unauthenticated attacker** trigger **remote code execution** on systems with **IKEv2** ena...

Windows DNS heap-based buffer overflow remote code execution flaw (CVE-2026-41096)

Vulnerability
First: 13.05.2026 13:36 Last: 13.05.2026 13:36 Sources 1

About this happening: Microsoft patched **CVE-2026-41096**, a **heap-based buffer overflow** in **Windows DNS** that could let an unauthorized attacker execute code remotely on vulnerable Windows syste...

Timeline

  1. 28.04.2026 14:31 2 articles · 29d ago

    PhantomRPC Windows RPC privilege escalation analysis

    Technical Analysis Update

    Kaspersky researcher Haidar Kabibo described PhantomRPC as an architectural weakness in the Windows Remote Procedure Call (RPC) mechanism. It can let a local attacker elevate privileges to System by abusing Windows impersonation behavior and a fake RPC server, with potential impact across all Windows versions. Kaspersky reported the issue in September 2025; Microsoft classified it as moderate-severity and said it does not require immediate remediation.