Privilege escalation vulnerability patched in Docker Desktop for Windows

Posted by AngelaWong, 23-05-2020

A severe privilege escalation vulnerability has been patched in the Windows Docker Desktop Service.
On Friday, cybersecurity researchers from Pen Test Partners publicly disclosed the problem, a privilege escalation vulnerability buried in how the software uses pipes.

The vulnerability, tracked as CVE-2020-11492, was discovered after analyzing how Docker Desktop for Windows -- the primary service platform for Docker -- uses named pipes when communicating as a client to child processes.

According to the team, the software "can be tricked into connecting to a named pipe that has been set up by a malicious lower privilege process."

"Once the connection is made, the malicious process can then impersonate the Docker Desktop Service account (SYSTEM) and execute arbitrary system commands with the highest level privileges," the researchers added.

The download and installation of Docker Desktop for Windows includes a Windows service called Docker Desktop Service that is always running by default in preparation for the software to launch.

Once opened, the Docker software will create a number of child processes to manage functions including image creation. Windows named pipes are used to facilitate inter-process communication (IPC) including the transfer of application-specific data.
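A detection-side illustration of the pattern described above, added here as an example and not taken from the researchers or from Docker: it correlates Sysmon pipe events to spot a SYSTEM-level client connecting to a named pipe that a lower-privileged account created. It assumes Sysmon pipe logging (event IDs 17 and 18, with the User field) is enabled and the events are already parsed into dictionaries; all pipe names, paths and accounts in the sample are constructed.

```python
# Added example: correlate Sysmon pipe events (ID 17 = pipe created,
# ID 18 = pipe connected) to find a privileged client using a pipe whose
# server side belongs to a lower-privileged account.
PRIVILEGED = {"NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\LOCAL SERVICE",
              "NT AUTHORITY\\NETWORK SERVICE"}

# Constructed sample events. Field names follow Sysmon's PipeEvent schema;
# pipe names, images and users are made up for illustration.
EVENTS = [
    {"EventID": 17, "PipeName": "\\exampleSvcPipe", "ProcessId": 4120,
     "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\listener.exe",
     "User": "WORKSTATION\\bob"},
    {"EventID": 17, "PipeName": "\\exampleHelperPipe", "ProcessId": 900,
     "Image": "C:\\Program Files\\Example\\helper.exe",
     "User": "NT AUTHORITY\\SYSTEM"},
    {"EventID": 18, "PipeName": "\\EXAMPLESVCPIPE", "ProcessId": 2308,
     "Image": "C:\\Program Files\\Example\\service.exe",
     "User": "NT AUTHORITY\\SYSTEM"},
    {"EventID": 18, "PipeName": "\\exampleHelperPipe", "ProcessId": 2308,
     "Image": "C:\\Program Files\\Example\\service.exe",
     "User": "NT AUTHORITY\\SYSTEM"},
    {"EventID": 18, "PipeName": "\\neverLoggedPipe", "ProcessId": 2308,
     "Image": "C:\\Program Files\\Example\\service.exe",
     "User": "NT AUTHORITY\\SYSTEM"},
]

def is_privileged(user):
    return user.upper() in PRIVILEGED

def find_risky_connections(events):
    """Return alerts for privileged clients connecting to pipes created by
    a non-privileged account. Events must be supplied in time order; a
    connection to a pipe with no logged creation event is not flagged."""
    creators = {}   # lower-cased pipe name -> list of creation events
    alerts = []
    for ev in events:
        name = ev["PipeName"].lower()   # pipe names are case-insensitive
        if ev["EventID"] == 17:
            creators.setdefault(name, []).append(ev)
        elif ev["EventID"] == 18 and is_privileged(ev["User"]):
            for srv in creators.get(name, []):
                if not is_privileged(srv["User"]):
                    alerts.append({"pipe": ev["PipeName"],
                                   "client": ev["Image"],
                                   "server": srv["Image"],
                                   "server_user": srv["User"]})
    return alerts

if __name__ == "__main__":
    for alert in find_risky_connections(EVENTS):
        print(alert)
```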
