PhantomRPC: A new privilege escalation technique in Windows RPC
ID: 44b4a594-af30-57a3-be8b-3413ce1181b5
STIX ID: report--44b4a594-af30-57a3-be8b-3413ce1181b5
Feed Name: Securelist by Kaspersky
This research details an architectural weakness in Windows RPC/ALPC: a process holding SeImpersonatePrivilege can deploy a fake RPC server that mimics a legitimate endpoint (such as TermService, DHCP or W32Time) and call RpcImpersonateClient on the connecting client to escalate privileges to SYSTEM or Administrator. The paper demonstrates five exploitation paths, provides an ETW-based detection workflow and PoC tools, and reports that Microsoft classified the issue as moderate and did not issue a patch or CVE.
