|
1 | 1 | --- |
2 | 2 | title: Review and remediate Kubernetes node vulnerabilities |
3 | | -description: Learn about Defender for Containers vulnerability assessment for Kubernetes nodes. |
| 3 | +description: Learn how to review and remediate vulnerability findings for Kubernetes nodes in Microsoft Defender for Cloud. |
4 | 4 | ms.date: 04/09/2026 |
5 | 5 | ms.topic: how-to |
6 | 6 | ms.custom: sfi-image-nochange |
7 | 7 | --- |
8 | 8 |
|
9 | 9 | # Review and remediate Kubernetes node vulnerabilities |
10 | 10 |
|
11 | | -Defender for Cloud scans the [VMs that host Kubernetes nodes](./kubernetes-nodes-overview.md#protection-for-kubernetes-nodes) for vulnerabilities in the operating system and installed software. When vulnerabilities are detected, Defender for Cloud generates recommendations to help you review and remediate them as part of the [shared responsibility](./kubernetes-nodes-overview.md#shared-responsibility-of-kubernetes-nodes) for maintaining Kubernetes node security. |
| 11 | +Defender for Cloud scans the [VMs that host Kubernetes nodes](./kubernetes-nodes-overview.md#protection-for-kubernetes-nodes) for vulnerabilities in the operating system and installed software. When vulnerabilities are detected, Defender for Cloud generates recommendations with detailed findings to help you review and remediate them. |
| 12 | + |
| 13 | +Reviewing and remediating these vulnerabilities is part of the [shared responsibility](./kubernetes-nodes-overview.md#shared-responsibility-of-kubernetes-nodes) for maintaining Kubernetes node security. |
12 | 14 |
|
13 | 15 | ## Prerequisites |
14 | 16 |
|
15 | 17 | Before you begin, make sure that: |
16 | 18 |
|
17 | 19 | - You have an Azure subscription. If you don’t have an Azure subscription, create a [free account](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn) before you begin. |
18 | 20 |
|
19 | | -- [Microsoft Defender for Cloud is enabled on your subscription](connect-azure-subscription.md) with one of the following plans: |
| 21 | +- [Microsoft Defender for Cloud is enabled on your subscription](connect-azure-subscription.md) with one of the following plans enabled: |
20 | 22 | - Defender for Containers |
21 | 23 | - Defender for Servers P2 |
22 | 24 | - Defender CSPM |
23 | 25 |
|
24 | 26 | - [Agentless scanning for machines](kubernetes-nodes-overview.md#enable-agentless-scanning-for-machines) is enabled. |
25 | 27 |
|
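Review bot: the reworded bullet `+- [Microsoft Defender for Cloud is enabled on your subscription](connect-azure-subscription.md) with one of the following plans enabled:` now says "enabled" twice in one sentence; either keep the original wording without the trailing "enabled" or rephrase as "with at least one of the following plans:". Since the section below depends on agentless scanning for machines being enabled, it would also help the reader to say under the three plan sub-bullets that any one of them is sufficient for the node VM scan, rather than leaving the list to imply the reader picks one at random.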
26 | | -## Review the Kubernetes node vulnerability recommendations |
| 28 | +## Review vulnerability findings for Kubernetes nodes |
27 | 29 |
|
28 | 30 | 1. Sign in to the [Azure portal](https://portal.azure.com). |
29 | 31 |
|
30 | 32 | 1. Go to **Microsoft Defender for Cloud** > **Recommendations**. |
31 | 33 |
|
32 | 34 | 1. Search for and select the `AKS nodes should have vulnerability findings resolved` recommendation. |
33 | 35 |
|
34 | | - :::image type="content" source="media/kubernetes-nodes-va/recommendations-list-select-nodes-va.png" alt-text="Screenshot showing the selection of the nodes recommendation line." lightbox="media/kubernetes-nodes-va/recommendations-list-select-nodes-va.png"::: |
35 | | - |
36 | | -1. The full details of the Kubernetes node recommendation are shown. Along with a full description of the vulnerability, other details such as the name of the affected Kubernetes node pool and its cluster are presented. -> change to something like review the blabla |
| 36 | +1. Review the recommendation details, including affected node pools and clusters. |
37 | 37 |
|
38 | 38 | :::image type="content" source="media/kubernetes-nodes-va/recommendation-node-details.png" alt-text="Screenshot showing the details of the recommendation for the Kubernetes node." lightbox="media/kubernetes-nodes-va/recommendation-node-details.png"::: |
39 | 39 |
|
40 | | -1. Select **Findings**. |
| 40 | +1. Select **Findings** to view the list of CVEs. |
41 | 41 |
|
42 | 42 | :::image type="content" source="media/kubernetes-nodes-va/recommendation-node-details-findings.png" alt-text="Screenshot of selecting the findings tab to view a list of CVEs related to the Kubernetes node." lightbox="media/kubernetes-nodes-va/recommendation-node-details-findings.png"::: |
43 | 43 |
|
44 | | -1. Select a CVE. (add to view_) |
45 | | - |
46 | | - :::image type="content" source="media/kubernetes-nodes-va/recommendation-node-cve-detail.png" alt-text="Screenshot of the pane showing all the details of the CVE and Kubernetes node resources affected." lightbox="media/kubernetes-nodes-va/recommendation-node-cve-details.png"::: |
47 | | - |
48 | | -In the details pane, the **Node pool instances** section shows the nodes to be affected by the remediation. The **More affected resources** shows other nodes that have the same CVE and should be remediated as well. (this can be deleted) |
| 44 | +1. Select a CVE to view detailed vulnerability information, including affected resources. |
49 | 45 |
|
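Review bot: the new step `+1. Select a CVE to view detailed vulnerability information, including affected resources.` drops the deleted explanation of the **Node pool instances** and **More affected resources** sections of the CVE pane, and with it the instruction that the nodes listed under **More affected resources** carry the same CVE and should be remediated as well. That is the one operationally important point in the removed paragraph; consider keeping a single sentence after the step, e.g. "**Node pool instances** lists the nodes the remediation applies to; **More affected resources** lists other nodes with the same CVE that also need remediation." Minor: this is now the only step in the procedure without a screenshot, because the CVE details `:::image` was deleted together with the paragraph; note that the deleted image line had mismatched `source` (`...recommendation-node-cve-detail.png`) and `lightbox` (`...recommendation-node-cve-details.png`) filenames, so if it is restored the filename needs fixing.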
50 | 46 | ## Remediate Kubernetes node vulnerabilities |
51 | 47 |
|
52 | | -Kubernetes node vulnerabilities are remediated by updating the node pool VM image version. The customer upgrades the node pool, as part of the shared responsibility between the Kubernetes service and the customer. The customer upgrades the node pool in one of two ways - either upgrade the node pool VM image and/or the cluster's Kubernetes service, to a newer version. **It is recommended to upgrade the node pool VM image first.** In some cases, the customer needs to upgrade the cluster's Kubernetes service version and the node pool VM image version to remediate the vulnerability. (do i need this? can imove it if i need it?) |
53 | | - |
54 | | -> [!IMPORTANT] |
55 | | -> The cluster's Kubernetes version and the node pool VM image can be [set to auto-upgrade](/azure/aks/upgrade-cluster#configure-automatic-upgrades). These versions should be [regularly upgraded](/azure/aks/upgrade-cluster) to provide maximum security for you AKS resources. (is this needed?) |
56 | | -
|
57 | | -### Upgrade the node pool VM image |
58 | | - |
59 | 48 | 1. Sign in to the [Azure portal](https://portal.azure.com). |
60 | 49 |
|
61 | | -1. Search for and select **Microsoft Defender for Cloud**. |
62 | | - |
63 | | -1. Select **Recommendations**. |
| 50 | +1. Go to **Microsoft Defender for Cloud** > **Recommendations**. |
64 | 51 |
|
65 | 52 | 1. Search for and select the `AKS nodes should have vulnerability findings resolved` recommendation. |
66 | 53 |
|
67 | | - :::image type="content" source="media/kubernetes-nodes-va/recommendations-list-select-nodes-va.png" alt-text="Screenshot showing the selection of the nodes recommendation line." lightbox="media/kubernetes-nodes-va/recommendations-list-select-nodes-va.png"::: |
68 | | - |
69 | 54 | 1. Select **Fix**. |
70 | 55 |
|
71 | 56 | :::image type="content" source="media/kubernetes-nodes-va/recommendation-node-details-select-fix.png" alt-text="Screenshot showing the details of the recommendation for the Kubernetes node and the highlighted Fix button." lightbox="media/kubernetes-nodes-va/recommendation-node-details-select-fix.png"::: |
72 | 57 |
|
73 | | -1. Select **Upgrade Kubernetes** or **Update Image**. |
| 58 | +1. Select **Update image** to apply the latest patched node pool VM image, or **Upgrade Kubernetes** to move the cluster to a newer Kubernetes version. |
74 | 59 |
|
75 | 60 | :::image type="content" source="media/kubernetes-nodes-va/node-pool-overview.png" alt-text="Screenshot showing the overview details of the Kubernetes node pool for updating its image." lightbox="media/kubernetes-nodes-va/node-pool-overview.png"::: |
76 | 61 |
|
|
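Review bot: deleting the intro paragraph and the `[!IMPORTANT]` note leaves this section with no guidance on which Fix option to choose or in what order. The removed text stated that the node pool VM image should be upgraded first and that some vulnerabilities need both a Kubernetes version upgrade and a new VM image; the new step `+1. Select **Update image** to apply the latest patched node pool VM image, or **Upgrade Kubernetes** to move the cluster to a newer Kubernetes version.` presents the two as equal alternatives. Suggest a one-line lead-in before step 1 that keeps the ordering ("Update the node pool image first; upgrade the Kubernetes version as well when the finding requires it") and keeps the link to configuring automatic upgrades (`/azure/aks/upgrade-cluster#configure-automatic-upgrades`), which was the only pointer on the page to a durable fix rather than a one-off remediation. Also, the button label changed from **Update Image** in the removed line to **Update image** in the added one; confirm the casing against the portal UI so the text and the final screenshot agree. Removing the `### Upgrade the node pool VM image` subheading is fine now that the section contains a single procedure, and the author's inline drafting notes such as "(is this needed?)" are correctly gone.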