Explore the critical CVE-2024-29990 vulnerability in Azure Kubernetes Service Confidential Containers, its impact, and remediation steps.
Microsoft’s recent security patch release includes fixes for numerous vulnerabilities, with one critical flaw, CVE-2024-29990, standing out. This blog post delves into the details of this vulnerability, its potential impact, and how organizations can protect themselves.
| Field | Details |
|---|---|
| Affected products | Azure Kubernetes Service Confidential Containers |
| Product category | Cloud Security |
| Severity | Critical |
| Type | Elevation of Privilege |
| Impact | Confidentiality (H), Integrity (H), Availability (H) |
| PoC | Yes |
| Exploit in the wild | No evidence |
| CISA catalog | No |
| Remediation action | Apply the latest security patches & updates to Azure Kubernetes Service |
| MITRE advisory | |
The recent CSRB report sheds light on broader cyber security concerns within Microsoft, highlighting operational lapses, inadequate security culture, and vulnerabilities across its ecosystem.
While not directly tied to CVE-2024-29990, these insights underscore the critical need for comprehensive security reforms and proactive measures to address vulnerabilities and safeguard sensitive data.
CVE-2024-29990 is an elevation of privilege flaw affecting Microsoft Azure Kubernetes Service Confidential Container (AKSCC). With a CVSS severity score of 9.0, this vulnerability allows unauthenticated attackers to compromise AKS clusters, potentially leading to credential theft and unauthorized access.
Background research indicates that the exploitation of CVE-2024-29990 could result in attackers gaining control over confidential guests and containers, extending beyond the network stack’s intended security boundaries.
Organizations utilizing Azure Kubernetes Service Confidential Container, particularly those running affected versions specified by Microsoft, are vulnerable to CVE-2024-29990. Readers can verify their system’s susceptibility by referencing Microsoft’s advisory and examining their AKS configurations.
The potential impact of CVE-2024-29990 on individuals and organizations includes unauthorized access, data breaches, and compromise of critical infrastructure hosted on AKS clusters.
While there are no reported instances of CVE-2024-29990 exploitation in the wild, its severity warrants proactive mitigation measures. Microsoft reports that a proof of concept (PoC) exists.
Security analysts emphasize the importance of staying informed about emerging threats and monitoring for any signs of exploitation.
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. An attacker who successfully exploited this vulnerability could steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers (AKSCC).
Additionally, a threat actor can access the untrusted AKS Kubernetes node and AKS Confidential Container to take over confidential guests and containers beyond the network stack it might be bound to. An unauthenticated attacker can move the same workload onto a machine they control, where the attacker is root.
Microsoft has recommended applying the latest security patches and updates to Azure Kubernetes Service to mitigate CVE-2024-29990. Additionally, organizations are advised to conduct thorough security audits, prioritize risk management, and implement best practices for securing AKS clusters.
Users must ensure they are running the latest version of az confcom and Kata Image.
Users who do not have az confcom installed can install the latest version by executing az extension add -n confcom. Users running versions prior to 0.3.3 need to update by executing az extension update -n confcom.
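The install-or-update decision above, scripted as an added example that is not from the original post or from Microsoft's tooling. It assumes the Azure CLI (az) is installed and signed in and that confcom versions are plain dotted numbers; it covers only the az confcom step, so the Kata image still has to be updated separately.

```shell
#!/bin/sh
# Added example (not from Microsoft's advisory or the original post). Assumes
# the Azure CLI is installed and signed in and that confcom versions are plain
# dotted numbers. Handles only the az confcom step, not the Kata image.
set -eu

MIN_CONFCOM_VERSION="0.3.3"   # first version the post names as fixed

# Return 0 when dotted version $1 is strictly older than $2, else 1.
version_lt() {
  i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s' "$1" | cut -d. -f"$i"); x=${x:-0}
    y=$(printf '%s' "$2" | cut -d. -f"$i"); y=${y:-0}
    [ "$x" -lt "$y" ] && return 0
    [ "$x" -gt "$y" ] && return 1
    i=$((i + 1))
  done
  return 1
}

# Classify an installed version string: "missing" (empty string, extension
# not installed), "vulnerable" (older than the floor) or "ok".
confcom_status() {
  if [ -z "$1" ]; then
    echo missing
  elif version_lt "$1" "$MIN_CONFCOM_VERSION"; then
    echo vulnerable
  else
    echo ok
  fi
}

# Ask the Azure CLI which confcom version is installed; empty if none.
installed_confcom_version() {
  az extension list --query "[?name=='confcom'].version" -o tsv 2>/dev/null || true
}

# Apply the remediation from the post: add if missing, update if too old.
remediate_confcom() {
  case "$(confcom_status "$(installed_confcom_version)")" in
    missing)    az extension add -n confcom ;;
    vulnerable) az extension update -n confcom ;;
    ok)         echo "az confcom already >= $MIN_CONFCOM_VERSION" ;;
  esac
}
```

Run remediate_confcom on a workstation that manages the cluster; the numeric comparison means 0.3.10 is correctly treated as newer than 0.3.3.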
See also: Confidential computing plugin for Confidential VMs | Azure AgentBaker GitHub release notes
Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: