A free‑of‑memory bug in the Windows Ancillary Function Driver for WinSock allows an attacker with local authorization to elevate privileges. The vulnerability occurs when memory not allocated on the heap is improperly freed, creating a scenario that can be leveraged to replace system components or execute privileged code. Local privilege escalation can enable the attacker to bypass authentication controls, access protected data, and execute arbitrary code with higher authority, potentially compromising system integrity and availability.

Microsoft Windows 10 versions 1809, 21H2, and 22H2, as well as Windows Server 2019 and the Server Core installation of Windows Server 2019 are affected. Both x86 and x64 architectures are included, depending on the specific version.

The CVSS score of 7.8 indicates a high severity for a local privilege escalation. However, the EPSS score is reported as less than 1%, suggesting the likelihood of exploitation is low at present. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring the attacker to have authenticated access to the target system. Due to the local nature and low exploit probability, the overall risk is moderate, though the potential impact of privilege escalation remains significant.