CVE-2018-8639

Name of the Vulnerable Software and Affected Versions Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2019 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers

Description An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. This issue can be exploited by attackers to obtain sensitive information and affect the system. The vulnerability is caused by the Win32k component's improper handling of buffer boundaries in memory, which can allow an attacker to execute arbitrary code in kernel mode using a specially crafted application.

Recommendations For Windows 7, update to a newer version to mitigate the risk. For Windows Server 2012 R2, update to a newer version to mitigate the risk. For Windows RT 8.1, update to a newer version to mitigate the risk. For Windows Server 2008, update to a newer version to mitigate the risk. For Windows Server 2019, update to a newer version to mitigate the risk. For Windows Server 2012, update to a newer version to mitigate the risk. For Windows 8.1, update to a newer version to mitigate the risk. For Windows Server 2016, update to a newer version to mitigate the risk. For Windows Server 2008 R2, update to a newer version to mitigate the risk. For Windows 10, update to a newer version to mitigate the risk. For Windows 10 Servers, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling the Win32k component until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation. Avoid using specially crafted applications that can exploit the vulnerability in the Win32k component.