Add the feed URL directly to your feed reader: https://cloud.google.com/migrate-to-containers-security-bulletins.xml
GCP-2024-058
Published: 2024-10-16
Description
Severity
Notes
Migrate to Containers for Windows versions 1.1.0 to 1.2.2 created a local
m2cuser with administrator privileges. This posed a security risk
if the analyze or generate commands were interrupted
by the user or due to an internal error causing skipping the action to delete
the local user m2cuser.
What should I do?
The following versions of Migrate to Containers CLI for Windows have been
updated with code to fix this vulnerability. We recommend that you manually
upgrade your Migrate to Containers CLI to the following version or higher:
The vulnerability, CVE-2024-9858, allows an attacker to gain administrator
access to impacted Windows machines using the local administrator user
created by the Migrate to Containers software.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-10-16 UTC."],[],[]]
