Critical Docker Desktop flaw lets attackers hijack Windows hosts

A critical security vulnerability has been discovered in Docker Desktop for Windows that allows attackers to hijack Windows hosts. This flaw, identified as CVE-2023-XXXX, enables threat actors to escalate privileges and execute arbitrary code on the host system by exploiting Docker Desktop's integration with Windows. The vulnerability poses a significant risk to organizations relying on Docker for containerized application deployment, as it can lead to full system compromise. Docker has released an urgent patch to address this issue, urging users to update immediately to mitigate potential attacks. Security researchers emphasize the importance of timely updates and recommend monitoring for unusual activity in environments running Docker Desktop on Windows. This incident highlights the ongoing challenges in securing container platforms and the need for robust security practices in DevOps workflows. Users are advised to follow best practices such as least privilege principles, network segmentation, and continuous vulnerability assessments to protect their infrastructure from similar threats. The discovery of this flaw underscores the critical nature of supply chain security and the potential impact of vulnerabilities in widely used development tools.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 25 Aug 2025 15:15:14 +0000

Cyber News related to Critical Docker Desktop flaw lets attackers hijack Windows hosts

15 Best Docker Monitoring Tools in 2025 - What is Good ?What Could Be Better ?cAdvisor monitors containers without much overhead because to its minimal resource footprint.Real-time monitoring is its main focus, and historical data storage is limited.It simplifies troubleshooting using ...
7 months ago Cybersecuritynews.com

Docker Image Building Best Practices - Starting with a basic, minimum image is essential when creating Docker images. They let you utilize numerous Docker images throughout the build process, which helps to reduce the size of the final image by removing unneeded build artifacts. Docker ...
2 years ago Feeds.dzone.com

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet - On vulnerable endpoints, the Docker API is used to spawn an Alpine container and then retrieve an initialization shell script (init.sh) from a remote server ("solscan[.]live") that, in turn, checks if it's running as the root user and tools like curl ...
1 year ago Thehackernews.com

Critical Docker Desktop flaw lets attackers hijack Windows hosts - A critical security vulnerability has been discovered in Docker Desktop for Windows that allows attackers to hijack Windows hosts. This flaw, identified as CVE-2023-XXXX, enables threat actors to escalate privileges and execute arbitrary code on the ...
6 months ago Bleepingcomputer.com CVE-2023-XXXX

The Virtual Desktop Revolution: Redefining Work an - A virtual desktop, also referred to as a virtual desktop infrastructure, is a virtualized computing environment that enables users to remotely access and control their desktops from any device with an internet connection. A user who logs in is given ...
2 years ago Feeds.dzone.com

Python Malware Poses DDoS Threat Via Docker API Misconfiguration - Security researchers have identified a new cyber-threat targeting publicly exposed instances of the Docker Engine API. In this campaign, attackers exploit misconfigurations to deploy a malicious Docker container with Python malware compiled as an ELF ...
2 years ago Infosecurity-magazine.com

Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
2 years ago Techrepublic.com

CVE-2024-6222 - In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 ...
1 year ago Tenable.com

NVIDIA’s Incomplete Patch for Critical Flaw Lets Attackers Steal AI Model Data - Organizations using NVIDIA Container Toolkit or Docker on Linux are at risk, especially those running AI workloads like machine learning for healthcare, finance, or autonomous systems. A critical vulnerability in NVIDIA’s Container Toolkit, ...
10 months ago Cybersecuritynews.com CVE-2024-0132

CVE-2025-10657 - In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature ...
5 months ago

Windows Remote Desktop Vulnerability Let Attackers Execute Malicious Code Over Network - These Remote Desktop vulnerabilities were among 72 flaws addressed in Microsoft’s May Patch Tuesday, which also fixed five actively exploited zero-day vulnerabilities, including issues in Windows DWM Core Library, Windows Common Log File System ...
9 months ago Cybersecuritynews.com CVE-2025-29966

Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke

Weekly Cyber Security News Letter - Last Week's Top Cyber Attacks & Vulnerabilities - A critical vulnerability in Windows Defender Application Control (WDAC) has been uncovered, allowing attackers to bypass strict security policies using WinDbg Preview, a Microsoft Store app. A vulnerability in the FireEye EDR agent allows attackers ...
10 months ago Cybersecuritynews.com Hunters Akira

Microsoft fixes Remote Desktop issues caused by Windows updates - "After installing the January 2025 Windows preview update (KB5050094) and later updates, users might experience unexpected disconnections with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS)," the company said in a ...
11 months ago Bleepingcomputer.com

CVE-2023-0629 - Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the ...
2 years ago

10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
2 years ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515

Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
2 years ago Cybersecuritynews.com CVE-2023-43583 CVE-2023-43585 CVE-2023-43586 CVE-2023-36540 CVE-2023-36541 CVE-2023-36534 CVE-2023-39216 CVE-2023-39213

Windows 11 January 2025 Preview Update Disconnects Remote Desktop Sessions - Microsoft’s January 2025 Windows preview update (KB5050094) for Windows 11 version 24H2 has caused significant issues with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS). The policy, named “Windows 11 24H2 ...
11 months ago Cybersecuritynews.com

Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to access admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious ...
2 years ago Darkreading.com CVE-2023-49103 CVE-2023-49105 CVE-2023-49104

New Malware Campaign Exploits 9hits in Docker Assault - Security researchers have uncovered a novel cyber-attack campaign targeting vulnerable Docker services. The attacks mark the first documented case of malware utilizing the 9hits application as a payload. Discovered by Cado Security Labs, the campaign ...
2 years ago Infosecurity-magazine.com

CVE-2022-39206 - Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a ...
3 years ago

Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke

Docker Registry Vulnerability Lets MacOS Users Pull Images from Any Registry - A newly disclosed vulnerability in Docker Desktop’s Registry Access Management (RAM) feature has left macOS users vulnerable to unauthorized image pulls, undermining critical container security controls. Docker’s Registry Access Management (RAM) ...
10 months ago Cybersecuritynews.com CVE-2025-4095

Microsoft: Recent Windows updates cause Remote Desktop issues - "After installing the January 2025 Windows preview update (KB5050094) and later updates, users might experience unexpected disconnections with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS)," the company said in a new ...
11 months ago Bleepingcomputer.com