The vulnerability is a use‑after‑free condition in the RPC Runtime Library that allows an attacker with sufficient authorization to execute code on the target system. The flaw can be triggered by sending specially crafted requests to the vulnerable RPC service, which may lead to arbitrary code execution with the privileges of the RPC process. It is classified as CWE‑416, indicating a classic memory corruption vulnerability. The likely attack vector is network‑based interaction with the RPC service, and the description of an "authorized attacker" implies that the attacker must be authenticated or have sufficient privileges to exploit the flaw. Because the flaw causes code execution, the impact is a complete compromise of confidentiality, integrity, and availability of the affected machine.

Microsoft Windows 10 (versions 1607, 1809, 21H2, 22H2), Microsoft Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Microsoft Windows Server from 2012 through 2025, including all variants such as Server Core, R2 and different architectures; all listed builds include the RPC Runtime Library component and are affected by the use‑after‑free flaw.

The CVSS score of 8.8 marks the defect as High severity. The EPSS score of less than 1 % suggests that exploitation is currently unlikely in the wild. The vulnerability is not listed in the CISA KEV catalog, indicating no known publicly disclosed exploitation yet. In practice, an attacker would need network access to the exposed RPC endpoints and sufficient authorization to trigger the use‑after‑free. If exploited, the attacker could achieve arbitrary code execution, enabling full system compromise.