Don't want your Kubernetes Windows nodes hijacked? Patch this hole now

A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled. Peled found the vulnerability, tracked as CVE-2024-9042, while conducting …

  1. rgjnk Bronze badge

    Good that it's fixed but...

    This really would have been a truly niche issue wouldn't it? Tiny footprint affected and in any case required API access to do anything.

    It's nice that it's sorted but to be honest who cares? Lots of other stuff is fixed too with much bigger potential impacts.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Good that it's fixed but...

      Yeah, sometimes we write about bugs simply because they are interesting - something to learn from, some element of schadenfreude. We do skip over a lot of inconsequential flaws and try to focus on the ones that matter.

      This is one of those interesting rather than scary bugs, as the article is at pains to point out.

      C.

  2. Stu J

    People actually run Kubernetes on Windows?!

    That sounds like a whole new level of masochism. Weirdos.

    1. An_Old_Dog Silver badge

      Re: People actually run Kubernetes on Windows?!

      My understanding -- possibly-wrong -- from TFA is that it affects Windows instances running as K8 workloads.
