Microsoft patches Docker remote code execution bug

By

No evidence of public exploit.

Microsoft has issued a patch for a critical vulnerability in the Docker for Windows subsystem that could be exploited for remote code execution on host machines.

Microsoft patches Docker remote code execution bug

Identified as CVE-2018-8115, the flaw affects the Windows Host Compute Service Shim, a management layer abstraction for low-level Docker functionality such as control groups, namespaces, and file system capabilities.

Microsoft explained in a security advisory that the vulnerability could be exploited by attackers to run arbitrary code on targeted systems.

"To exploit the vulnerability, an attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could cause a container management service utilising the Host Compute Service Shim library to execute malicious code on the Windows host," Microsoft said.

Version 0.6.10 of the Windows Host Compute Service Shim (hcsshim) fixes the vulnerability.

Swiss software engineer Michael Hanselman discovered the issue, and reported it to Microsoft and Docker in February this year.

While Hanselman has yet to publish full details of the vulnerability and a proof of concept for it, at the behest of Microsoft, he explained that it involves imported Docker images being able to make file system changes outside the containers.

While Microsoft rates the vulnerability as critical, the company said that it has not been exploited, nor publicly disclosed.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
containersdockermicrosoftsecurityvirtualisation

Sponsored Whitepapers

Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.

Events

Most Read Articles

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?