CVE-2018-8595

Name of the Vulnerable Software and Affected Versions Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2019 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers

Description The issue is related to an information disclosure vulnerability in the Windows GDI component, which improperly discloses the contents of its memory. This can be exploited by attackers to obtain sensitive information using a specially crafted document. The vulnerability is associated with errors in the mechanisms for handling objects in memory.

Recommendations For Windows 7, consider applying configuration changes to restrict access to sensitive information until a patch is available. For Windows Server 2012 R2, restrict access to the GDI component to minimize the risk of exploitation. For Windows RT 8.1, avoid using specially crafted documents that could trigger the vulnerability. For Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, and Windows 10 Servers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.