Rpc

2026-05-17
NTLM Coercion's Quiet Resurgence: Why 2026's Zero-Click Attacks Look Like 2021
Two unrelated bugs in the last month — an incomplete APT28 patch and an unpatched RPC defect — both hand attackers a 1990s-era credential primitive. The fact that NTLM coercion still works in 2026 is not a series of accidents. It is the model.
ntlm coercion windows active-directory relay kerberos rpc trend-analysis opinion
vulnerability 2026-04-26
PhantomRPC: Five Endpoint-Spoofing Paths to SYSTEM on Every Windows Build, No Patch Coming
Kaspersky disclosed PhantomRPC at Black Hat Asia 2026 — an architectural flaw in rpcrt4.dll that lets a low-priv process register a rogue RPC endpoint and hijack SYSTEM-level callers. Microsoft declined to patch.
windows rpc privilege-escalation kaspersky black-hat no-patch endpoint-mapper epm lpe

NTLM Coercion's Quiet Resurgence: Why 2026's Zero-Click Attacks Look Like 2021