Network Security, Vulnerability Management

Microsoft fixes critical RCE bug in hcsshim library

Bradley BarthMay 4, 2018

Microsoft Corporation on Wednesday updated its Windows Host Compute Service Shim (hcsshim) library to correct a critical remote code execution bug caused by improper input validation when importing a container image.

In order to exploit the vulnerability -- designated CVE-2018-8115, "an attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could cause a container management service utilizing the Host Compute Service Shim library to execute malicious code on the Windows host," a Microsoft advisory states.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Threat Intelligence

BlackTech gang hacks Cisco firmware in attacks on multinational corporations

Simon HenderySeptember 28, 2023

The China-linked APT group targeted offshore branch office routers to drop backdoor malware on multinational U.S. and Japanese corporations.

Network Security

Pro-Russian DDoS attacks impact Canada

SC StaffSeptember 19, 2023

Canada had its various government agencies and financial and transportation industries subjected to distributed denial-of-service attacks by pro-Russian cybercrime operation NoName057(16), according to SecurityWeek.

Network Security

Experts fret over fate of CISA cyber programs as shutdown clouds loom

Derek B. JohnsonSeptember 19, 2023

A hearing ostensibly focused on CISA's CDM and EINSTEIN cybersecurity programs took a detour as witnesses strongly warned Congress that a shutdown could imperil federal cybersecurity efforts.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Microsoft fixes critical RCE bug in hcsshim library

Related

BlackTech gang hacks Cisco firmware in attacks on multinational corporations

Pro-Russian DDoS attacks impact Canada

Experts fret over fate of CISA cyber programs as shutdown clouds loom

Related Events

The Latest Cybercriminal TTPs: How Public-Sector Defenders Can Stay Ahead

Playing network traffic cop in multi-cloud environments: A guide to detecting & restricting lateral movement

Consolidating without compromise: An XDR democast for analysts of all tenure

Get daily email updates