2025-01-31 03:53:13 Pacfic
Kubernetes Windows Nodes Remote Hack - 5d
A critical remote code execution vulnerability (CVE-2024-9042) in Kubernetes allows attackers to execute commands with SYSTEM privileges on all Windows nodes in a cluster. This vulnerability, specifically in the new beta logging feature ‘Log Query’, is easily exploitable, resulting in full system compromise. This highlights the danger of introducing new features without thorough security testing, impacting organizations that rely on Kubernetes. Immediate patching is vital to prevent potential unauthorized access and lateral movement within the Kubernetes environment.
Windows BitLocker Vulnerability Exposed via Randomization Attack - 8d
Microsoft is addressing a critical vulnerability in Windows BitLocker (CVE-2025-21210) that exposes the encryption mechanism to a randomization attack. This flaw allows attackers with physical access to manipulate ciphertext blocks, potentially writing sensitive data to disk in plaintext. There is another issue with TPM equipped devices which are showing warnings after Bitlocker is enabled.