Get a Pentest and security assessment of your IT network.

Cyber Security

Docker fixes Windows client bug letting programs run as SYSTEM

Docker fixed a security vulnerability in Docker for Windows that allowed attackers on the system to execute commands with the highest privileges. The flaw received the tracking number CVE-2020-11492 and could be exploited to impersonate Docker Desktop Service, which runs with SYSTEM permissions. Docker addressed the problem in version 2.3.0.2, released on May 11 after receiving the initial details on March 25. An attacker could use this to elevate privileges on an already compromised system with code that runs in the context of a process that has impersonation permission.

Source: https://www.bleepingcomputer.com/news/security/docker-fixes-windows-client-bug-letting-programs-run-as-system/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation