Impact
A use‑after‑free flaw in the Windows Cloud Files Mini Filter Driver allows an attacker who already has local access to execute code with elevated privileges. The bug is a memory corruption condition in the driver that can be exploited to bypass normal security checks, enabling arbitrary code execution in the context of the operating system. The issue is a classic use‑after‑free vulnerability, classified as CWE‑416, and is also related to a race condition that can lead to the same unsafe memory access, identified as CWE‑367.
Affected Systems
Microsoft Windows 10 (versions 1809, 21H2, 22H2), Microsoft Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Microsoft Windows Server 2019, 2022, 2025, and 23H2 Edition, including Server Core installations. All listed editions are covered by the security update that addresses this driver flaw.
Risk and Exploitability
The CVSS score of 7.8 indicates moderate to high severity, and no EPSS score is currently available. The vulnerability is not yet listed in the CISA Known Exploited Vulnerabilities catalog, suggesting it has not been widely exploited. Exploitation requires an authorized local attacker with the ability to trigger the driver, making this a local privilege escalation scenario. Once the use‑after‑free condition is triggered, an attacker can gain system‑level privileges, potentially leading to full system compromise. Given the severity score and the nature of the flaw, the risk is significant for any environment where the affected Windows operating systems are in use.