Microsoft fixes critical RCE bug in hcsshim library

News by Bradley Barth

Last week Microsoft Corporation updated its Windows Host Compute Service Shim (hcsshim) library to correct a critical remote code execution bug caused by improper input validation when importing a container image.

Microsoft Corporation on Wednesday updated its Windows Host Compute Service Shim (hcsshim) library to correct a critical remote code execution bug caused by improper input validation when importing a container image.

To exploit the vulnerability -- designated CVE-2018-8115, "an attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could cause a container management service utilising the Host Compute Service Shim library to execute malicious code on the Windows host," a Microsoft advisory states.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events