CVE-2015-2381

Name of the Vulnerable Software and Affected Versions Windows 8 versions 8 through 8.1 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT Gold and 8.1

Description The issue is related to the win32k.sys driver in the Windows kernel-mode drivers, which allows local users to obtain sensitive information from kernel memory via a crafted application. This is due to the lack of protection for internal data. An attacker could exploit this to gain information about the system, potentially combining it with other attacks to compromise the system.

Recommendations For Windows 8, update to a version that includes the fix for this issue. For Windows 8.1, apply the necessary patch to resolve the information disclosure vulnerability. For Windows Server 2012 Gold and R2, ensure that all security updates are applied to prevent exploitation. For Windows RT Gold and 8.1, consider restricting access to sensitive information until a patch is available. As a temporary workaround, consider disabling any unnecessary functionality related to the win32k.sys driver until a patch is available.