Security bulletins
The following describes all security bulletins related to Migrate to Containers.
To get the latest security bulletins delivered to you, do one of the following:
- Add the URL of this page to your feed reader .
- Add the feed URL directly to your feed reader:
https://cloud.google.com/migrate-to-containers-security-bulletins.xml
GCP-2024-058
Published:2024-10-16Migrate to Containers for Windows versions 1.1.0 to 1.2.2 created a local m2cuser
with administrator privileges. This posed a security risk
if the analyze
or generate
commands were interrupted
by the user or due to an internal error causing skipping the action to delete
the local user m2cuser
.
What should I do?
The following versions of Migrate to Containers CLI for Windows have been updated with code to fix this vulnerability. We recommend that you manually upgrade your Migrate to Containers CLI to the following version or higher:
- Migrate to Containers CLI for Windows 1.2.3 released on October 8, 2024 - Migrate to Containers CLI release notes | Google Cloud
What vulnerabilities are being addressed?
The vulnerability, CVE-2024-9858, allows an attacker to gain administrator access to impacted Windows machines using the local administrator user created by the Migrate to Containers software.
