Microsoft Windows Graphics Component Privilege Escalation Vulnerability

A use-after-free vulnerability has been identified in the Microsoft Graphics Component, allowing an authorized attacker to locally elevate privileges. This vulnerability requires exploitation of a race condition, and successful exploitation could lead to a scope change, allowing access to the host environment in a GPU paravirtualization scenario.

Impact

Exploitation of this vulnerability could allow an attacker to gain SYSTEM privileges.

Remediation

Users can download the security update for this vulnerability via the Microsoft Update Catalog. Security update KB5073722 is available for Windows Server 2016, Windows 10 Version 1607 (both x64 and 32-bit systems), Windows Server 2025, Windows 11 Version 24H2 (for both x64 and ARM64-based systems), Windows Server 2022 (Server Core installation), Windows 11 Version 23H2 (for both x64 and ARM64-based systems), Windows 11 Version 25H2 (for both x64 and ARM64-based systems), Windows Server 2022, Windows Server 2019 (both Server Core installation and regular version), and Windows 10 Version 1809 (for both x64 and 32-bit systems).