Not sure why Microsoft keep making screwing those patches.
Here's details about the bug - https://github.com/klinix5/ProfSvcLPE/blob/main/write-up.docx
PoC - https://github.com/klinix5/ProfSvcLPE/tree/main/DoubleJunctionEoP
This bug require another user password that's different from the current one, I'm not sure. But it might be possible to do it without knowing someone else password.
The PoC must be tested with standard user privileges with another standard user password. If it succeeds, it will spawn a SYSTEM shell.
At the time of writing this, this vulnerability affects every server and desktop edition including 11 and server 2022.