The vulnerability arises from a race condition caused by improper synchronization within the Windows User Interface Core component. An attacker who already has access to a user account can exploit this flaw to gain elevated privileges on the affected systems. Because the flaw allows unauthorized privilege escalation, it poses a significant threat to confidentiality and integrity of data and system resources. The weakness corresponds to CWE-362 (Race Condition) and CWE-416 (Use After Free).

Affected Microsoft operating systems include Windows 10 versions 1809, 21H2, and 22H2; Windows 11 versions 22H3, 23H2, 24H2, 25H2, and 26H1; and Windows Server editions 2019, 2022, 2025, and 23H2. The flaw impacts a range of processor architectures, including x86, x64, and ARM64, as documented in the product list and supporting CPE entries.

The CVSS base score of 7.8 indicates a high severity vulnerability that can be exploited locally by an authorized user. The exploit requires only local access and does not rely on network activity, making it simpler to deploy on a compromised machine. No usage data is available through EPSS, and the flaw is not listed in the CISA KEV catalog, suggesting that it may not yet be widely targeted by public exploits. Nevertheless, organizations should treat the issue as high risk due to the impact of privilege escalation and the potential for lateral movement within their environments.