Impact
The vulnerability is a use-after-free flaw in Microsoft's Brokering File System component. An attacker who is already authenticated and holds local user rights can trigger the flaw to gain elevated privileges on the affected machine. The bug is a race condition (CWE-362) in which memory is freed while a reference to it is still in use (CWE-416), allowing the attacker to execute arbitrary code with higher privileges. Successful exploitation would result in loss of confidentiality, integrity, and availability of the compromised system, since the attacker could run code with system-level permissions.
Affected Systems
Microsoft Windows 11 22H3, 23H2, 24H2, 25H2, 26H1 and Microsoft Windows Server 2022 23H2 Edition (Server Core) as well as Microsoft Windows Server 2025 (both standard and Server Core installations) are affected by this flaw.
Risk and Exploitability
The assigned CVSS score of 7.8 indicates a high-severity vulnerability. No EPSS score is available and the issue is not listed in the CISA KEV catalog, suggesting that it is not currently known to be actively exploited in the wild. The attack vector is local: an adversary with authorized access to the target machine must perform the triggering operation to reach the use-after-free code path.