Microsoft won’t patch PhantomRPC: Feature or bug?

ID: c23122bb-90a7-56a4-9789-a4a7b2cf216a

STIX ID: report--c23122bb-90a7-56a4-9789-a4a7b2cf216a

Feed Name: Malwarebytes Blog

Threat Score: 60/100

Date Published: 2026-04-29

Date Updated: 2026-04-29

The report details 'PhantomRPC', a Windows RPC architectural weakness allowing a process with SeImpersonatePrivilege to host a fake RPC server that can impersonate SYSTEM‑level clients and escalate privileges. The researcher outlined multiple exploitation paths and warned of broad attack surface, while Microsoft judged it a moderate, post‑compromise technique and declined a CVE or bounty; mitigations would require deep RPC architecture changes and adherence to least‑privilege practices.
