Information security
fromSecurityWeek
7 hours agoNo Patch for New PhantomRPC Privilege Escalation Technique in Windows
A vulnerability in Windows RPC allows attackers to elevate privileges, affecting all Windows versions.
This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles. While the exploit requires a specific time-based window (10-30 days), the resulting impact is a complete compromise of the host system.
The issue focuses on how Windows handles these directories for specific user sessions. Because the kernel creates a DOS device object directory on demand, rather than at login, it cannot check whether the user is an admin during the creation process. Unlike UAC, Administrator Protection uses a hidden shadow admin account whose token handle can be returned by the system when calling the NtQueryInformationToken API function.
But what happens when you need more granularity? How do you grant write access to a file to just one specific user who isn't the owner and isn't in the owning group? How do you allow two different groups read access, but only one of them write access? How do you ensure files created in a shared directory automatically get specific permissions for a certain team?
Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, carries a CVSS score of 8.8 out of a maximum of 10.0 "Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network," Microsoft said in an advisory released on February 17, 2026.