PhantomRPC: A new privilege escalation technique in Windows RPC
Strategic summary
Describes a new privilege escalation technique in Windows RPC that could allow attackers to gain SYSTEM privileges on fully patched systems, increasing risk of lateral movement and domain compromise.
Full text
Title: PhantomRPC: A new privilege escalation technique in Windows RPC
URL Source: https://securelist.com/phantomrpc-rpc-vulnerability/119428/
Published Time: 2026-04-24T08:00:12+00:00
Markdown Content: # Disclosing PhantomRPC – a privilege escalation vulnerability in RPC | Securelist
[… 102,983 characters; next zone: keyword-dense paragraphs …]
[… 102,147 characters; next zone: tail …]
© 2026 AO Kaspersky Lab. All Rights Reserved.