14 DAY TRIAL // Microsoft has patched a critical remote code execution vulnerability in the Windows Host Computer Service Shim (hcsshim) library that can allow an attacker to run malicious code on a Windows system.
The security flaw was discovered by researcher Michael Hanselmann, who found out that using the Go function with unsanitized input can provide a potential attacker with the capabilities of running arbitrary code and be allowed to create, remove, and replace files on a Windows host.
The vulnerability was reported to Microsoft in February this year, and it was fixed this month with an updated version of hcsshim, available right now from GitHub.
Microsoft says exploitation is unlikely
Detailed in CVE-2018-8115, the flaw was assigned a critical severity rating, but Microsoft says exploitation is unlikely.
“A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image,” Microsoft says in the security advisory.
“To exploit the vulnerability, an attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could cause a container management service utilizing the Host Compute Service Shim library to execute malicious code on the Windows host.”
Microsoft explains that what the patch does is address the way the Windows Host Compute Service Shim validates input from container images, thus blocking the loading of malicious code in crafted files.
Technical details of the security bug haven’t been disclosed, but Hanselmann says an in-depth description and a proof-of-concept exploit will be published on May 9 following an agreement with Microsoft’s security response center.
Microsoft will release this month’s security fixes as part of the May 2018 Patch Tuesday on May 8, at which point all systems are supposed to be protected against any possible attack.