Review & Remediate Vulnerabilities for Containers Running on Kubernetes Clusters

Implementation Effort: Medium
This task involves enabling vulnerability assessments, reviewing CVE findings for running containers, and coordinating with DevOps teams to rebuild and redeploy secure images.

User Impact: Low
Only security and DevOps teams are involved in the remediation process; end users are not affected.

Overview

Microsoft Defender for Containers provides risk-based vulnerability assessments for containers running on Kubernetes clusters. These assessments correlate container runtime data with image vulnerability reports to identify and prioritize remediation actions based on contextual risk.

To review and remediate vulnerabilities:

• Go to Microsoft Defender for Cloud > Recommendations.
• Select the recommendation: "Containers running in Azure should have vulnerability findings resolved".
• Open the Findings tab to view:
  • A list of CVEs affecting running containers.
  • Affected container instances and their associated images.
  • Software versions that resolve the vulnerabilities.
  • External links for patching guidance.
• Remediate by:
  • Updating base images or dependencies.
  • Rebuilding and redeploying containers using secure images.
  • Automating this process in CI/CD pipelines for consistency.

This process supports the Zero Trust principle of "Verify Explicitly" by ensuring that all running containers are continuously assessed and validated against known vulnerabilities, reducing the risk of runtime exploitation.

Risks if not implemented: If vulnerabilities in running containers are not addressed, attackers may exploit them to gain access, escalate privileges, or move laterally within the cluster.

Reference

• View and remediate vulnerabilities for containers running on Kubernetes clusters
• Overview of Microsoft Defender for Containers
• Investigate and respond to container threats in Microsoft Defender