The description indicates a use‑after‑free condition in the Windows Ancillary Function Driver for WinSock that lets an attacker with local access trigger a race condition. This vulnerability is a classic race condition (CWE‑362). Based on the description, it is inferred that the attacker can elevate privileges from a standard user to a higher privilege level, potentially giving them full control over the affected system. The impact is confined to the machine and does not allow remote code execution or network‑wide compromise.

Microsoft Windows 10 versions 1607, 1809, 21H2, 22H2; Windows 11 versions 23H2, 24H2, 25H2, 26H1; and Windows Server 2012, 2012 R2, 2016, 2019, 2022, and 2025 (including core installations). All affected editions use the Ancillary Function Driver for WinSock and are therefore susceptible if unpatched.

The CVSS score of 7.0 indicates a high severity. The EPSS score is not available, which means the current model cannot estimate exploitation probability, but the lack of a public exploit suggests low to moderate real‑world risk at present. The vulnerability is not listed in the CISA KEV catalog, so no known widespread exploitation has been reported. Because the attacker must be local and authorized, the attack surface is limited to users with physical or remote console access. The likely attack vector requires the attacker to trigger the use‑after‑free race, which is typically complex and may need custom code or a local privilege escalation tool.