The vulnerability is a use‑after‑free flaw in the Windows Desktop Window Manager (DWM) Core Library that an attacker who already has local access can exploit to raise privileges. By triggering the freed memory usage, the attacker can cause the DWM process to execute code at a higher privilege level, potentially enabling them to adopt administrative rights or tamper with system configuration. Because the flaw requires local authorization, the attack surface is limited to users who can log in to the affected machine, but the impact is significant as it lets a low‑privilege user become a full administrator.

The flaw affects multiple recent Windows releases, including Windows 10 versions 1809, 21H2, 22H2, Windows 11 versions 23H2, 24H2, 25H2, 26H1, and Windows Server 2019, 2022, and 2025 (both full and Server Core installations). All editions that ship the DWM Core Library in the standard configuration are vulnerable according to Microsoft’s advisory.

The CVSS score of 7.8 indicates a high severity for local privilege escalation. EPSS scores are not available, so the current exploit probability is unknown, but the flaw is not listed in the CISA KEV catalog. The likely attack vector is local, requiring an authenticated or system‑level attacker, and would involve a custom exploit that re‑uses freed memory to gain elevated rights. Given the lack of publicly available published exploits and the need for local access, the risk is moderate to high for environments where regular patching is not practiced.