September 14, 2023

New warning of Kubernetes vulnerability targeting Windows nodes

Cloud platform Akamai warned that all Windows nodes in Kubernetes are now vulnerable to remote code execution.

By Claudia Glover

Windows endpoints are in danger of remote code execution thanks to a newly discovered vulnerability in Kubernetes, warns a new report by cloud computing giant Akamai. The flaw, known as CVE-2023-3676, impacts all Windows nodes within Kubernetes environments, has a low barrier to entry and carries a CVSS severity rating of 8.8 out of 10. Akamai urges companies using Kubernetes to patch their systems immediately.

The Kubernetes emblem. A new vulnerability has been detected in the open-source system for cloud architecture management, one that makes Windows nodes vulnerable to remote code execution. (Photo by o_m/Shutterstock)

Kubernetes, which means ‘helmsman’ or ‘pilot’ in Greek, is an open-source system for organising software or server containers and is designed to help companies better manage their growing cloud commitments. Over 50% of Fortune 100 companies have adopted this architecture, in which the use of Windows is popular. For example, Microsoft itself runs many of the services that power Office 365 and Microsoft 365 in Windows containers on the Azure Kubernetes Service.

CVE-2023-3676 makes all Windows endpoints within Kubernetes clusters vulnerable to remote code execution. To exploit the vulnerability, the attacker needs to apply a malicious file written in YAML, a data-serialization language prevalent throughout Kubernetes architectures, to a target cluster. The exploit only requires low privileges to work, thereby setting “a low bar for attackers”, explained Akamai researcher Tom Peled. “Successful exploitation of this vulnerability will lead to remote code execution on any Windows node on the machine with SYSTEM privileges.”

Patches have been released for this vulnerability and two others, CVE-2023-3893 and CVE-2023-3955.

Security company Cyble warned in a report last year that over 900,000 Kubernetes structures are exposed online, meaning they are vulnerable to malicious scans or data-exposing cyberattacks.

“Online scanners have made it easy for security researchers to find the exposure of assets,” explained the advisory. “At the same time, malicious hackers can also investigate the exposed Kubernetes instance for a particular organization, increasing the risk of attack.”
