Kubernetes security flaw lets hackers obtain elevated privileges and take over nodes

If you’re using the latest version, you’re safe

Published on March 18, 2024

Kubernetes is often used by developers, but it was recently discovered that the default installation of Kubernetes had a severe security flaw.

The good news is that this isn’t an ongoing issue anymore, but keep on reading to learn how to properly protect yourself.

A critical Kubernetes security flaw was recently patched

As TechRadar writes, this flaw was discovered by Akamai researchers, and it was tracked as CVE-2023-5588.

To utilize this vulnerability, hackers had to apply malicious YAML files on the cluster. This would allow them to perform remote code execution with SYSTEM privileges on all Windows endpoints within a cluster.

Essentially, the attackers were able to completely take over all Windows nodes in a cluster. This isn’t the only issue: the same researchers found another flaw and tracked it as CVE-2023-3676.

This flaw had a severity of 8.8 and was triggered by the lack of sanitization of the subPath parameter in YAML files. This allowed hackers an opportunity to perform a malicious injection and run their code.

To prevent issues such as these, it’s crucial to verify the configuration of YAML files. Luckily, the issue was patched last November, and if you’re using v1.28.4, v1.27.8, v1.26.11, or v1.25.16 you’re safe.
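One way to run the two checks this article points to, as an added example that is not from the article, Akamai, or the Kubernetes project: it flags Windows nodes whose kubelet is older than the patched releases listed above and reports `subPath` values that fall outside a conservative allowlist. The allowlist pattern, the handling of release lines the article does not list, and the sample data are assumptions; real input would be the JSON from `kubectl get nodes -o json` and `kubectl get pods -A -o json`.

```python
import json
import re

# Patched releases named in the article, keyed by (major, minor) line.
PATCHED = {(1, 28): 4, (1, 27): 8, (1, 26): 11, (1, 25): 16}
# Assumption: conservative allowlist of relative path segments for subPath.
SAFE_SUBPATH = re.compile(r"^[A-Za-z0-9._-]+(/[A-Za-z0-9._-]+)*$")

def is_patched(version):
    """True if a kubelet version string such as 'v1.27.8' is a patched release."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return False  # unparseable version: treat as unpatched and review
    major, minor, patch = map(int, m.groups())
    if (major, minor) in PATCHED:
        return patch >= PATCHED[(major, minor)]
    # Assumption: lines newer than those listed carry the fix, older ones do not.
    return (major, minor) > max(PATCHED)

def unpatched_windows_nodes(node_list):
    """Names of Windows nodes whose kubelet predates the patched release."""
    return [n["metadata"]["name"] for n in node_list.get("items", [])
            if n["status"]["nodeInfo"]["operatingSystem"] == "windows"
            and not is_patched(n["status"]["nodeInfo"]["kubeletVersion"])]

def suspicious_subpaths(pod_list):
    """(pod, container, subPath) for each subPath outside the allowlist."""
    hits = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            for vm in c.get("volumeMounts", []):
                sp = vm.get("subPath")
                if sp and (".." in sp.split("/") or not SAFE_SUBPATH.match(sp)):
                    hits.append((pod["metadata"]["name"], c["name"], sp))
    return hits

# Constructed sample data in the shape of `kubectl get nodes/pods -o json`.
NODES = json.loads("""{"items": [
 {"metadata": {"name": "win-a"}, "status": {"nodeInfo": {"operatingSystem": "windows", "kubeletVersion": "v1.27.3"}}},
 {"metadata": {"name": "win-b"}, "status": {"nodeInfo": {"operatingSystem": "windows", "kubeletVersion": "v1.28.4"}}},
 {"metadata": {"name": "lin-a"}, "status": {"nodeInfo": {"operatingSystem": "linux", "kubeletVersion": "v1.26.2"}}}]}""")
PODS = json.loads("""{"items": [{"metadata": {"name": "web"}, "spec": {"containers": [
 {"name": "app", "volumeMounts": [{"name": "d", "mountPath": "/data", "subPath": "logs/app"},
                                  {"name": "d", "mountPath": "/x", "subPath": "../outside"}]}]}}]}""")

if __name__ == "__main__":
    print(unpatched_windows_nodes(NODES), suspicious_subpaths(PODS))
```

A flagged `subPath` is a prompt for manual review of the manifest, not proof of tampering.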

Other services can be impacted by vulnerabilities, and we recently wrote about Microsoft Office and Skype critical vulnerabilities that are giving users trouble.

Speaking of security, did you know that 87% of UK companies are vulnerable to AI cyberattacks?

Milan Stanojevic

Windows Troubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He’s a PC enthusiast and he spends most of his time learning about computers and technology.

Before joining WindowsReport, he worked as a front-end web developer. Now, he’s one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.
