www.malwarebytes.com 4/29/2026, 2:23:04 PM · external

PhantomRPC flaw lets attackers hijack Windows RPC to gain SYSTEM

Primary Source securelist.com

A vulnerability named PhantomRPC has been identified in Windows Remote Procedure Call (RPC). It allows attackers to escalate privileges to SYSTEM by impersonating legitimate clients via a fake RPC server. Microsoft classified it as a 'moderate' issue, stating that it requires an already compromised machine and does not allow unauthenticated access. Experts disagree, warning that this flaw could enable privilege escalation across supported Windows versions.

The root issue is that the Windows RPC architecture lacks sufficient verification of legitimate server endpoints. Microsoft suggests following security best practices, but acknowledges that mitigating PhantomRPC might require deep architectural changes, which could disrupt compatibility with existing Windows versions.

Article by CyberSIXT
