Windows workloads running as a Kubernetes Container Administrator when it’s expressly forbidden? We all know that one of the dumbest things you can do is run containers with root privileges.

Now, the Kubernetes Security Response Committee (https://github.com/kubernetes/committee-security-response) has reported a security bug (https://seclists.org/oss-sec/2022/q3/206) that enabled Windows workloads to run as Kubernetes Container Administrator in their containers even when the runAsNonRoot option is set to true. Specifically, a “security issue” was discovered in Kubernetes that could allow Windows workloads to run as Container Administrator (https://github.com/kubernetes/kubernetes/issues/112192) even when those workloads set the runAsNonRoot option to true. You can spot whether someone is trying to exploit this by checking your Kubernetes audit logs for misspelled user names.
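The audit-log check described above, as an added example (not code from the Kubernetes project or the advisory): it scans audit events for pod writes that request runAsNonRoot but set a Windows runAsUserName that is a near-miss of ContainerAdministrator. The sample events, the 0.85 similarity threshold and the reading of "misspelled" as "close to, but not exactly, the built-in admin account name" are assumptions.

```python
import json
from difflib import SequenceMatcher

BUILTIN_ADMIN = "ContainerAdministrator"
THRESHOLD = 0.85  # assumed similarity cut-off, tune as needed

def looks_misspelled(name):
    """True if name is close to, but not exactly, the built-in admin account."""
    if not name or name == BUILTIN_ADMIN:
        return False
    return SequenceMatcher(None, name.lower(), BUILTIN_ADMIN.lower()).ratio() >= THRESHOLD

def scan_audit_log(lines):
    """Return (user, pod, scope, runAsUserName) for suspicious pod writes."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "pods" or ev.get("verb") not in ("create", "update", "patch"):
            continue
        spec = (ev.get("requestObject") or {}).get("spec") or {}
        scopes = [("<pod>", spec.get("securityContext") or {})]
        for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
            scopes.append((c.get("name"), c.get("securityContext") or {}))
        if not any(sc.get("runAsNonRoot") for _, sc in scopes):
            continue  # only requests that ask for non-root are of interest here
        for scope, sc in scopes:
            name = (sc.get("windowsOptions") or {}).get("runAsUserName")
            if looks_misspelled(name):
                user = (ev.get("user") or {}).get("username")
                findings.append((user, ref.get("name"), scope, name))
    return findings

def _event(user, pod, pod_sc, ctr_sc):
    """Build one constructed audit event (not taken from a real cluster)."""
    return json.dumps({"kind": "Event", "verb": "create", "user": {"username": user},
                       "objectRef": {"resource": "pods", "name": pod},
                       "requestObject": {"spec": {"securityContext": pod_sc,
                           "containers": [{"name": "app", "securityContext": ctr_sc}]}}})

SAMPLE_LOG = [  # constructed sample input, plus one deliberately malformed line
    _event("alice", "web-1", {"runAsNonRoot": True, "windowsOptions": {"runAsUserName": "ContainerUser"}}, {}),
    _event("bob", "job-7", {"runAsNonRoot": True}, {"windowsOptions": {"runAsUserName": "ContainerAdministrater"}}),
    _event("carol", "etl-3", {}, {"runAsNonRoot": True, "windowsOptions": {"runAsUserName": "ContainerAdminstrator"}}),
    "not json",
]
```

The requestObject field is only present when the audit policy records pods at Request level or higher, so a Metadata-only policy gives this check nothing to inspect.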
