Service
IoT Edge
Update Type
Security Update
Update
Microsoft has built a new version of the Moby container runtime, v3.0.6, that includes an update to address a recently reported vulnerability, CVE-2018-15664. We recommend that you update the container runtime on your IoT Edge device even though it does not affect standard IoT Edge devices. The product does not use the ‘docker cp’ command which is the point of attack; however it’s possible that advanced scenarios are vulnerable. Modules that have been created with elevated privileges and a mounted docker socket are at a higher risk.
Context
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664
Reference
https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2018-15664/

Back to List