CVE-2018-8414

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Windows 10 Servers versions prior to the fixed version Windows 10 versions prior to the fixed version

Description A remote code execution issue exists due to the Windows Shell not properly validating file paths. This can be exploited by a remote attacker using a specially crafted file association to execute arbitrary code. The vulnerability is related to insufficient input validation in the SettingContent-ms file processing mechanism.

Recommendations For Windows 10 Servers, update to a version that includes the fix for this issue. For Windows 10, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to specially crafted SettingContent-ms files to minimize the risk of exploitation. Avoid using the SettingContent-ms file association in sensitive operations until the issue is resolved.