Microsoft has released an article explaining how to handle one of the most talked-about security vulnerabilities affecting Kubernetes. CVE-2019-5736 allows a malicious container to gain access to the host system, in this case the Azure Kubernetes Service (AKS) nodes, so it is recommended to upgrade your AKS cluster as soon as possible:
A security vulnerability was announced recently in runC, the low-level container runtime that supports Docker and associated container engines, which affects Azure Kubernetes Service (AKS). As a best practice, we’ll apply the Open Container Initiative (OCI) update to applicable services that we maintain.
The article continues:
Microsoft has built a new version of the Moby container runtime that includes the OCI update to address this vulnerability. To consume that new container runtime release, you’ll need to upgrade your Kubernetes cluster. Any upgrade will suffice, because it will ensure that all existing nodes are removed and replaced with new nodes that include the patched runtime.
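Since the fix only takes effect once every existing node has actually been replaced, here is an added check (not from Microsoft's article) that reads `kubectl get nodes -o json` output and lists any node that predates the upgrade or still runs a kubelet version other than the target. The node data is a constructed sample so it runs offline; the upgrade start time and target version are assumed inputs you would set for your own cluster.

```python
import json
from datetime import datetime, timezone

# Constructed sample standing in for `kubectl get nodes -o json`:
# node ...-0 predates the upgrade and still runs the old kubelet,
# nodes ...-1 and ...-2 were provisioned by the upgrade.
SAMPLE_NODES_JSON = """{"items": [
 {"metadata": {"name": "aks-nodepool1-00000000-0",
               "creationTimestamp": "2019-02-12T08:00:00Z"},
  "status": {"nodeInfo": {"kubeletVersion": "v1.11.6"}}},
 {"metadata": {"name": "aks-nodepool1-00000000-1",
               "creationTimestamp": "2019-02-13T10:05:00Z"},
  "status": {"nodeInfo": {"kubeletVersion": "v1.12.5"}}},
 {"metadata": {"name": "aks-nodepool1-00000000-2",
               "creationTimestamp": "2019-02-13T10:12:00Z"},
  "status": {"nodeInfo": {"kubeletVersion": "v1.12.5"}}}
]}"""

# Assumed inputs: when `az aks upgrade` was started and the version it targets.
UPGRADE_STARTED = datetime(2019, 2, 13, 10, 0, tzinfo=timezone.utc)
TARGET_VERSION = "v1.12.5"


def parse_k8s_time(value):
    """Parse the RFC 3339 UTC timestamps the Kubernetes API returns."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def stale_nodes(nodes_json, upgrade_started, target_version):
    """Return names of nodes the upgrade did not replace.

    A node counts as stale if it was created before the upgrade began or
    still reports a kubelet version other than the target: either way it
    is not one of the freshly provisioned nodes carrying the patched runtime.
    """
    stale = []
    for item in json.loads(nodes_json)["items"]:
        created = parse_k8s_time(item["metadata"]["creationTimestamp"])
        version = item["status"]["nodeInfo"]["kubeletVersion"]
        if created < upgrade_started or version != target_version:
            stale.append(item["metadata"]["name"])
    return stale


if __name__ == "__main__":
    # Swap SAMPLE_NODES_JSON for real `kubectl get nodes -o json` output.
    leftover = stale_nodes(SAMPLE_NODES_JSON, UPGRADE_STARTED, TARGET_VERSION)
    if leftover:
        print("nodes not yet replaced:", ", ".join(leftover))
    else:
        print("all nodes were replaced by the upgrade")
```

An empty result means every node was recreated after the upgrade began and reports the target version; a non-empty one means the old runtime may still be running on those nodes.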