Docker fixed a security vulnerability in Docker for Windows that allowed attackers on the system to execute commands with the highest privileges. The flaw, tracked as CVE-2020-11492, could be exploited to impersonate the Docker Desktop Service, which runs with SYSTEM permissions. Docker addressed the problem in version 2.3.0.2, released on May 11, after receiving the initial details on March 25. An attacker could use the flaw to elevate privileges on an already compromised system, using code that runs in the context of a process that has impersonation permission.
Source: https://www.bleepingcomputer.com/news/security/docker-fixes-windows-client-bug-letting-programs-run-as-system/

