TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Malwarebytes Labs

Microsoft won’t patch PhantomRPC: Feature or bug?

6 days ago · Read original ↗

ATT&CK techniques detected

4 predictions
T1068Exploitation for Privilege Escalation
77%
“microsoft won & # 8217 ; t patch phantomrpc : feature or bug? a researcher has discovered a weakness called phantomrpc that microsoft does not consider a vulnerability it plans to patch. phantomrpc involves windows remote procedure call ( rpc ), the core of communication between …”
T1134.001Token Impersonation/Theft
68%
“##impersonateprivilege does. basically, seimpersonateprivilege is the windows permission that lets a program “ pretend to be you ” after you ’ ve already logged in, so it can do things on your behalf using your level of access. it ’ s needed because many system services and serve…”
T1134.001Token Impersonation/Theft
47%
“systemic local privilege escalation technique that exists in all supported windows versions. the issue at the core of this issue is that the windows rpc runtime does not sufficiently verify that the server a high ‑ privileged client connects to is the intended legitimate endpoint…”
T1068Exploitation for Privilege Escalation
38%
“systemic local privilege escalation technique that exists in all supported windows versions. the issue at the core of this issue is that the windows rpc runtime does not sufficiently verify that the server a high ‑ privileged client connects to is the intended legitimate endpoint…”

Summary

A researcher has detailed five ways to exploit PhantomRPC, which Microsoft rates “moderate” and does not plan to fix.