A researcher discovered five different exploit paths that stem from an architectural weakness in how Windows' Remote Procedure Call (RPC) mechanism handles connections to unavailable services.
Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation
Summary + source link. No paywalls, no tracking.