Endpoint/Device Security, Cloud Security

Remote Windows endpoint attacks likely with new Kubernetes flaws

Three new high-severity vulnerabilities could expose all Kubernetes environments with Windows nodes to remote code execution with privilege escalation, according to The Hacker News. Discovered by Akamai, the flaws, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, have already been addressed in a security update issued late last month. Attackers could leverage CVE-2023-3676 to inject arbitrary code on remote Windows instances with SYSTEM privileges, while CVE-2023-3955 could be exploited to achieve command execution, said Akamai security researcher Tomer Peled. Exploitation of CVE-2023-3893 could also give attackers administrator access to targeted nodes. ARMO attributed the flaws to input sanitization lapses in the Windows port of Kubelet. "Specifically, when handling Pod definitions, the software fails to adequately validate or sanitize user inputs. This oversight enables malicious users to craft pods with environment variables and host paths that, when processed, lead to undesired behaviors, such as privilege escalation," said ARMO.
