Add the feed URL directly to your feed reader:https://cloud.google.com/migrate-to-containers-security-bulletins.xml
GCP-2024-058
Published:2024-10-16
Description
Severity
Notes
Migrate to Containers for Windows versions 1.1.0 to 1.2.2 created a localm2cuserwith administrator privileges. This posed a security risk
if theanalyzeorgeneratecommands were interrupted
by the user or due to an internal error causing skipping the action to delete
the local userm2cuser.
What should I do?
The following versions of Migrate to Containers CLI for Windows have been
updated with code to fix this vulnerability. We recommend that you manually
upgrade your Migrate to Containers CLI to the following version or higher:
The vulnerability, CVE-2024-9858, allows an attacker to gain administrator
access to impacted Windows machines using the local administrator user
created by the Migrate to Containers software.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Security bulletins\n==================\n\nThe following describes all security bulletins related to\nMigrate to Containers.\n\nTo get the latest security bulletins delivered to you, do one of the following:\n\n- Add the URL of this page to your [feed reader](https://wikipedia.org/wiki/Comparison_of_feed_aggregators).\n- Add the feed URL directly to your feed reader: `https://cloud.google.com/migrate-to-containers-security-bulletins.xml`\n\nGCP-2024-058\n------------\n\n**Published:** 2024-10-16"]]
