The Windows TCP/IP Denial of Service Vulnerability can be triggered by an adversary with network access from an adjacent subnet. When exploited, the vulnerability causes the system to become unreachable, effectively denying service to any local or remote clients that rely on the affected host for network connectivity. Based on the assigned CWE-476, the weakness likely involves a null pointer dereference within the TCP/IP stack. The vulnerability does not directly compromise data confidentiality or integrity, but it does interrupt availability for the compromised machine and any services hosted on it.

The flaw impacts a broad range of Microsoft Windows editions. Supported client operating systems include Windows 10 releases 1607, 1809, 21H2, and 22H2, as well as Windows 11 releases 23H2, 24H2, 25H2, and 26H1. Server editions from Windows Server 2012 (regular and Server Core) through Windows Server 2025 (including Server Core variants) are also affected. All listed CPEs indicate x64 and arm64 architectures where applicable.

The CVSS base score is 7.4, reflecting a high severity for the denial of service impact. The EPSS score is < 1%, indicating a very low exploitation probability, and the vulnerability has not been added to the CISA KEV catalog, suggesting limited publicly known exploitation at this time. The likely attack vector is remote over the local network, where an attacker can send crafted packets to trigger the null pointer dereference. Exploitation requires only network access to the target machine and does not demand elevated privileges or physical presence.