a patch for a critical remote code execution flaw a ffecting Vulnerability-related.DiscoverVulnerabilitya Windows service used for importing Docker container images . The vulnerability , t racked as Vulnerability-related.DiscoverVulnerabilityCVE-201808115 , is due to the Windows Host Compute Service Shim ( hcsshim ) library not properly validating input from container images while importing them . A remote attacker could execute malware on a Windows host using a malicious Docker container image if they managed to trick an authenticated administrator to import it in Docker for Windows , which uses the hcsshim library . `` An attacker who successfully e xploited Vulnerability-related.DiscoverVulnerabilitythe vulnerability could execute arbitrary code on the host operating system , '' Microsoft notes in its advisory . The vulnerability h asn't been publicly disclosed.Vulnerability-related.DiscoverVulnerabilityAnyone using Docker for Windows c an resolve Vulnerability-related.PatchVulnerabilitythe issue today by i nstalling Vulnerability-related.PatchVulnerabilityversion 0.6.10 of hcsshim . The patch i s available Vulnerability-related.PatchVulnerabilityfrom Microsoft 's security advisory or from Microsoft 's GitHub page . Hcsshim , which is written in Go , is an open-source wrapper that Microsoft developed for use with its Host Compute Service , a container management API in Windows Hyper-V virtualization for Docker . The HCS abstraction layer is Microsoft 's way of allowing Docker containers to use Linux kernel features on Windows , such as Linux Namespaces and Control Groups . Hanselmann explains that the flaw stems from hccshim 's use of a function from Go and the failure to sanitize input from an imported container image . `` Its use of Go 's filepath.Join function with unsanitized input [ made it possible ] to create , remove and replace files in the host file system , leading to remote code execution , '' he noted . `` Importing a Docker container image or pulling one from a remote registry is n't commonly expected to make modifications to the host file system outside the Docker-internal data structures . '' Separately , Microsoft i s reportedly working Vulnerability-related.PatchVulnerabilityon a fix for a `` fatal flaw '' in its initial Windows 10 fix for the Meltdown CPU vulnerability . It 's b een patched Vulnerability-related.PatchVulnerabilityin the new Windows 10 April 2018 Update , according to Alex Ionescu , chief architect at Crowdstrike , but has n't been backported to previous versions of Windows 10 .