The vulnerability is a double free condition in the Windows Link‑Layer Discovery Protocol (LLDP) stack that can be triggered by an authenticated user on the local system. When exercised, the two frees corrupt the heap and allow the attacker to gain elevated privileges, effectively enabling them to execute code with higher privileges than they originally possessed. The flaw is a classic CWE‑415 issue where deallocation occurs more than once on the same memory object, breaking heap integrity and permitting privilege escalation.

Microsoft Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 23H2, 24H2, 25H2, 22H3, 26H1), and Windows Server 2012, 2012 R2, 2016, 2019, 2022, 2025, and 23H2 editions, including Server Core installations for 2012, 2012 R2, 2016, 2019, 2022, and the 2025 Server Core variant.

The CVSS score of 7 indicates a moderate to high severity, and the vulnerability requires local, authorized access to exploit. No EPSS score is provided, but the lack of a public exploit record and the requirement for a legitimate user reduce the likelihood of widespread attacks. The vulnerability is not currently listed in the CISA KEV catalog, implying no confirmed exploitation in the wild. Nonetheless, attackers who can authenticate to the affected systems should be considered a genuine threat, and the ability to elevate privileges compromises the entire system.