Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability

A use-after-free vulnerability has been identified in the Windows Ancillary Function Driver for WinSock. This vulnerability allows an authorized attacker to locally elevate privileges. It affects several different versions and ranges of Windows Server 2008 and Windows Server 2008 R2.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain administrator rights.

Remediation

To address this vulnerability, users should install the Out-of-Band (OOB) updates released on May 13, 2025. These updates are cumulative, so if the May 2025 monthly rollup or security-only updates have already been installed, the OOB updates must also be applied. The specific OOB update to install depends on the version of Windows Server 2008 or 2008 R2 in use.