Security News > 2020 > September > Google Patches Privilege Escalation Vulnerability in Cloud Service
Google recently patched a privilege escalation vulnerability in OS Config, a Google Cloud Platform service for Compute Engine that is designed for managing operating systems running on virtual machine instances.
Google says the OS Config service API and agent allow users to perform various tasks across a group of VM instances, including applying patches, collecting and reviewing OS information, and installing, removing and updating software packages.
Exploitation of the vulnerability required access to the targeted system: either having a low-privileged shell on the affected VM or control over a compromised network service.
"A practical privilege escalation exploit is something you just execute and it elevates your privileges in a few seconds," Rad told SecurityWeek via email.
Rad noted that Microsoft is offering a much higher reward for similar elevation of privilege vulnerabilities, although it does not have a research grant program, like Google does.
News URL
Related news
- Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse (source)
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)