Security News > 2025 > January > Don't want your Kubernetes Windows nodes hijacked? Patch this hole now
2025-01-24 15:00
SYSTEM-level command injection via API parameter *chef's kiss* A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled.…
News URL
https://go.theregister.com/feed/www.theregister.com/2025/01/24/kubernetes_windows_nodes_bug/
Related news
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- ⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)