bramhaag 4 days ago

  > a container breakout looked out of the question as every possible known breakout had been patched
This is the part that concerns me. It only encourages an attacker to sit on an exploit like this until a new container breakout is discovered.
tptacek 4 days ago | parent | next [-]

Are you not concerned about all the other platforms that rely on containers as security boundaries between tenants? There are a lot of them.

bgwalter 3 days ago | parent [-]

It is hard to answer that since the stack is so convoluted. Some parts are forced on the user. Copilot is built into Microsoft Office workplace applications.

If you break out of a container, do you have access to the same system that serves these applications? Who knows, it looks like a gigantic mess.

whazor 4 days ago | parent | prev [-]

I expect that they run their containers more isolated as virtual machines. So they have bigger problems if there is a breakout possible.