Network Security, Vulnerability Management

Microsoft fixes critical RCE bug in hcsshim library

May 4, 2018

Microsoft Corporation on Wednesday updated its Windows Host Compute Service Shim (hcsshim) library to correct a critical remote code execution bug caused by improper input validation when importing a container image.

In order to exploit the vulnerability -- designated CVE-2018-8115, "an attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could cause a container management service utilizing the Host Compute Service Shim library to execute malicious code on the Windows host," a Microsoft advisory states.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Learn More

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Apache HTTP Server website (www.apache.org) displayed on smartphone

Network Security

Apache fixes Traffic Control bug that attackers could exploit

Steve ZurierDecember 26, 2024

Security teams should immediately patch 9.9 vulnerability in web content distribution platform.

Red glowing word cyberattack on a black wall surrounded by green random letters cybersecurity concept 3D illustration

Network Security

Cyberattack defers Japan Airlines flights

SC StaffDecember 26, 2024

Japan Airlines, the country's flag carrier, had over 20 domestic flights and some international trips delayed following a cyberattack, which also impacted ticket purchases and luggage services, Kyodo News reports.

Network Security

Novel BellaCiao malware variant launched by Charming Kitten

SC StaffDecember 26, 2024

Attacks with an updated C++ variant of the BellaCiao dropper malware dubbed "BellaCPP" have been deployed by Iranian state-backed threat operation Charming Kitten — also known as APT35, CharmingCypress, CALANQUE, Mind Sandstorm, TA453, Newscaster, and Yellow Garuda — to facilitate further payload delivery, according to The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Microsoft fixes critical RCE bug in hcsshim library

An In-Depth Guide to Network Security

Related

Apache fixes Traffic Control bug that attackers could exploit

Cyberattack defers Japan Airlines flights

Novel BellaCiao malware variant launched by Charming Kitten

Related Events

Building Modern Network security: Forecast and guidance: Late 2024, early 2025

The Security Experts Next Door: Enterprise Defense on a Lean Budget

Network security: New tools for an aging art

Get daily email updates