Network Security, Vulnerability Management

Microsoft fixes critical RCE bug in hcsshim library

Microsoft Corporation on Wednesday updated its Windows Host Compute Service Shim (hcsshim) library to correct a critical remote code execution bug caused by improper input validation when importing a container image.

In order to exploit the vulnerability -- designated CVE-2018-8115, "an attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could cause a container management service utilizing the Host Compute Service Shim library to execute malicious code on the Windows host," a Microsoft advisory states.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

Related Events

  • eSummit
    Network security: New tools for an aging art

  • Cybercast
    The Latest Cybercriminal TTPs: How Public-Sector Defenders Can Stay Ahead

    On-Demand Event

  • Cybercast
    Playing network traffic cop in multi-cloud environments: A guide to detecting & restricting lateral movement

    On-Demand Event

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.