What can an attacker do with this vulnerability?

AAD Pod Identity lets users assign identities to pods in Kubernetes clusters and fetch them from the pods using a regular IMDS (Azure Instance Metadata Service) request. When an identity is assigned to a pod, the pod can access the IMDS endpoint and get a token for that identity. An attacker who successfully exploited this vulnerability can laterally steal the identities that are associated with different pods.

How do I know if I need to install the update?

Customers with existing installations need to re-deploy their cluster and use Azure CNI instead of the default kubenet. For more information, please see details here:

Configure Azure CNI networking in Azure Kubernetes Service (AKS)
Deploy AAD Pod Identity in a Cluster with Kubenet

New installations will already have the update installed.
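
One way to triage existing clusters against the guidance above, as an added example that is not part of the original advisory: it classifies records shaped like `az aks list -o json` output by network plugin. The cluster names and sample data are constructed, and it assumes `podIdentityProfile.enabled` reflects only the AKS-managed add-on, so a Helm or manifest install of AAD Pod Identity is reported for manual checking.

```python
import json

# Constructed sample shaped like `az aks list -o json` output (names are made up).
SAMPLE = """
[
  {"name": "prod-a", "resourceGroup": "rg1",
   "networkProfile": {"networkPlugin": "kubenet"},
   "podIdentityProfile": {"enabled": true}},
  {"name": "prod-b", "resourceGroup": "rg1",
   "networkProfile": {"networkPlugin": "azure"},
   "podIdentityProfile": {"enabled": true}},
  {"name": "dev-c", "resourceGroup": "rg2",
   "networkProfile": {"networkPlugin": "kubenet"},
   "podIdentityProfile": null}
]
"""


def triage(cluster):
    """Classify one cluster record against the advisory's guidance."""
    plugin = ((cluster.get("networkProfile") or {}).get("networkPlugin") or "").lower()
    addon = bool((cluster.get("podIdentityProfile") or {}).get("enabled"))
    if plugin == "azure":
        return "ok"  # Azure CNI: the configuration the advisory asks for
    if plugin == "kubenet":
        # Assumption: podIdentityProfile only shows the AKS add-on; a Helm or
        # manifest install of AAD Pod Identity must be checked in the cluster.
        return "redeploy" if addon else "check-manually"
    return "unknown"  # missing or other plugin value: inspect manually


def report(raw_json):
    """Return {(resourceGroup, name): status} for every cluster in the listing."""
    return {(c.get("resourceGroup"), c.get("name")): triage(c)
            for c in json.loads(raw_json)}


if __name__ == "__main__":
    for (rg, name), status in sorted(report(SAMPLE).items()):
        print(f"{rg}/{name}: {status}")
```
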