Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

March 14, 2024 at 07:57 AM

Akamai issued a warning about a high-severity Kubernetes vulnerability, CVE-2023-5528, affecting default installations. The issue allows arbitrary code execution with System privileges on Windows endpoints when creating a pod with a local volume. Akamai provided a PoC exploit and advised upgrading to Kubernetes version 1.28.4, even for clusters without Windows …

Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes

March 13, 2024 at 01:21 PM

A security bug in Kubernetes allows attackers to remotely execute code with System privileges on Windows endpoints, potentially leading to full takeover of all Windows nodes in a cluster. Tracked as CVE-2023-5528 with a CVSS score of 7.2, the vulnerability can be exploited by manipulating Kubernetes volumes. The flaw affects …