PT-2015-1655 · Microsoft · Windows+4

Published: 2015-07-14 · Updated: 2019-05-08 · CVE-2015-2382

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Windows versions prior to the fixed version
win32k.sys in Windows 8
win32k.sys in Windows 8.1
win32k.sys in Windows Server 2012 Gold and R2
win32k.sys in Windows RT Gold and 8.1

Description

The issue is related to the win32k.sys driver in the Windows operating system, which lacks protection for certain data. This allows a local attacker to access sensitive information using a specially crafted application. The vulnerability is caused by the Windows kernel-mode driver leaking private address information during a function call, potentially allowing an attacker to gain information about the system that could be used in combination with other attacks to compromise the system.

Recommendations

For Windows 8, consider applying a patch to fix the issue.
For Windows 8.1, apply a patch to resolve the vulnerability.
For Windows Server 2012 Gold and R2, update to a newer version that includes the fix.
For Windows RT Gold and 8.1, install the latest security updates to mitigate the risk.
As a temporary workaround, consider restricting access to the win32k.sys driver until a patch is available.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2015-11001
CVE-2015-2382

Affected Products

Windows
Windows 8
Windows 8.1
Windows RT
Windows Server 2012