Microsoft won’t patch PhantomRPC: Feature or bug?

Microsoft won’t patch PhantomRPC: Feature or bug?

Geräte hinzufügen oder aktualisieren > Sie haben noch kein Konto? Registrieren > Try our antivirus with a free, full-featured 14-day trial Protect your team’s devices and data – no IT skills needed Explore award-winning endpoint security for your business A researcher has discovered a weakness called PhantomRPC that Microsoft does not consider a vulnerability it plans to patch. PhantomRPC involves Windows Remote Procedure Call (RPC), the core of communication between Windows processes. The vulnerability lets a process with impersonation rights escalate to SYSTEM by impersonating high‑privileged clients that connect to a fake RPC server. The researcher presented a detailed technical report outlining five exploitation paths, including coercion, user interaction, or background services. They warned that potential vectors are “effectively unlimited” because the root issue is architectural. M

Source: https://www.malwarebytes.com/blog/news/2026/04/microsoft-wont-patch-phantomrpc-feature-or-bug