Microsoft container tool patch

Microsoft issued a security advisory for a remote code execution (RCE) vulnerability that exists on the Windows Host Compute Service Shim (hcsshim) library, an open source tool used to import Docker containers and run on Windows systems.

The flaw exists when the hcsshim library fails to properly validate input while importing a container image: 

 “An attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could cause a container management service utilizing the Host Compute Service Shim library to execute malicious code on the Windows host,” Microsoft posted in the advisory

The security update fixes the RCE vulnerability (CVE-2018-8115) by correcting how the Windows Host Compute Service Shim validates input from container images.

Leave a Comment

Your email address will not be published. Required fields are marked *