The vulnerability is a heap‑based buffer overflow in the Windows Win32K graphics subsystem, specifically the GRFX component. By overflowing a heap buffer, an attacker who already has local access can trigger arbitrary code execution within the context of the Win32K service, which then grants them elevated privileges on the host system. This leads to a local privilege escalation issue, as the attacker can gain higher levels of control—potentially administrator rights—without needing to compromise other accounts or networks. The weakness is classified as CWE‑122.

Affected builds include Microsoft Windows 10 1607, 1809, 21H2 and 22H2, as well as Windows 11 22H3 and 23H2, covering both 32‑bit and 64‑bit (where applicable). Server editions impacted are Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, and 2022, with all installations that use Win32K, including Server Core configurations. These are the only platforms explicitly listed as vulnerable in the canonical CNA data.

With a CVSS score of 7.8 the severity is high, yet the EPSS score remains below 1 %, indicating current exploitation in the wild is unlikely. The vulnerability is not listed in CISA’s KEV catalog, so no known widespread attacks exist at the moment. Exploitation requires an authorized local attacker with access to the Win32K service, so the most probable attack vector is a local user or process that can trigger the GRFX heap overflow. The impact is confined to the local machine, but success would allow the attacker to compromise any data or services that the elevated account can access.