MS.Graphics.Component.CVE-2018-8472.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Microsoft Windows Server.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted file. An attacker can exploit this to disclose sensitive information on the affected machine via a crafted file.

Affected Products

Microsoft Windows 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows 7 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows 10 Version 1607
Microsoft Windows 10 version 1703
Microsoft Windows 10 version 1709
Microsoft Windows 10 version 1803
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft Windows version 1809
Microsoft Windows Server 2012
Microsoft Windows Server 2012 (Server Core)
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012 R2 (Server Core)
Microsoft Windows Server 2016
Microsoft Windows Server 2016 Server Core
Microsoft Windows Server 2019
Microsoft Windows Server version 1709 (Server Core Installation)
Microsoft Windows Server version 1803 (Server Core Installation)

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8472

References