The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege.
Home Tools Exploits & CVE's Microsoft Windows WFP Default Rules AppContainer Capability Bypass Privilege Escalation