CVE-2018-8494

Name of the Vulnerable Software and Affected Versions Microsoft XML Core Services versions prior to the fixed version Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2019 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers

Description The issue is related to the incorrect restriction of XML links to external objects in Microsoft XML Core Services. This can be exploited by a remote attacker using a specially crafted web page, potentially allowing the execution of arbitrary code. The vulnerability affects various Windows operating systems and can be exploited remotely.

Recommendations For Windows 7, consider applying the relevant security patch to fix the issue. For Windows Server 2012 R2, apply the security update to resolve the vulnerability. For Windows RT 8.1, install the latest security patch to mitigate the risk. For Windows Server 2008, apply the recommended fix to address the issue. For Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, and Windows 10 Servers, update to the latest version or apply the relevant security patch to fix the vulnerability. As a temporary workaround, consider restricting the use of the MSXML parser until a patch is available.