Use after free vulnerability in the Windows kernel component known as Win32K (GRFX). The flaw permits a locally authenticated user to trigger an uncontrolled memory reference, enabling the attacker to run code with the privileges of the current user token. If the attacker controls a process with higher privileges, the flaw can be used to elevate privileges to that of the target process or to a standard user, thereby bypassing intended limits on user rights.

Affected systems include multiple Windows 10 releases (Version 1607, 1809, 21H2, 22H2), Windows 11 releases (23H2, 24H2, 25H2, 22H3, 26H1), and Windows Server editions encompassing 2012, 2012 R2, 2016, 2019, 2022, 2025, and the 23H2 edition. All of these systems incorporate the Win32K component that contains the vulnerable code path, making them susceptible to the flaw.

The CVSS v3.1 base score of 7 indicates a high‑severity local privilege escalation. The EPSS score is unavailable, and the issue is not listed in CISA’s KEV catalog, which suggests no publicly known exploit at the time of this analysis. However, the flaw requires a local user context to trigger, meaning that a compromised or otherwise authenticated user could potentially abuse the vulnerability to gain elevated privileges on the host. The risk remains significant for systems that expose local accounts with administrative rights or use the vulnerable Win32K pathways for graphics or windowing operations.