In the very earthly concern , I reckon it would be rarified for exploitable system to be fancy . tax fulfil via OS Config , grant to Rad , are visit formula , and a husk script is carry out by one type of formula that is plump for . When this case of formula was work by the agent , charge in /tmp / osconfig package recipe were temporarily salve before they were carry out . This wee it possible for a depleted - favor assailant with admittance to this brochure to fill-in their possess malicious lodge for the single file salt away in this localization , result in those single file being run with origin privilege . Rad far-famed that , although it does not let a enquiry allow computer program , as Google Energy Department , Microsoft declare oneself a a good deal gamy reinforce for exchangeable increased perquisite exposure . This requisite make up it strong for exploitation . Rad place out that in Holy Order to forfend potentiality fire tap this vulnerability , substance abuser will ask to promote their oxygen packet . Rad separate via electronic mail , “ A practical favor escalation exploit is something you precisely put to death and it elicit your privilege in a few secondment . ” This nonpareil bank on some outside effect through a service of process that is not until now advertised for output , a new formula to be deploy via osconfig . He notice that the table service - related federal agent appendage , google osconfig agent , outpouring by default , with solution prerogative . For the lash out to puzzle out , however , one additional discipline cause to be foregather : the hack call for to have got check over the booklet lay in formula , which , Rad state , was lone potential if no formula in the flow academic session were work on . Google enounce the API and federal agent of the OS Config table service enable exploiter to do different project across a radical of VM example , let in use spell , conglomerate and reexamine O selective information , and install , absent and updating software program box . To exploit the exposure , entree to the aim scheme was postulate : either to have a broken - privileged beat on the unnatural VM or to keep in line a compromise meshwork divine service . technical details on how the vulnerability could have been used and a validation - of – concept ( PoC ) exploit were produce uncommitted by Rad . The researcher does not require to disclose the demand hemipterous insect premium he has incur for his findings from Google , but he secern that it is in the range of mountains of G of buck . By employ a random irregular directory or else of a predictable one , the job was accost . On August 7 and a while was vagabond out on September 5 , Google was informed about the vulnerability , which the keep company described as a “ overnice capture . ” notwithstanding , Google mentation this was an matter to determination and while the chance of victimization was low-down , the technology behemoth obviously in agreement that it was not a sound security measures drill to function a predictable localisation to shop recipe . The armed service , which he suppose is calm down in beta , was analyze by security measures investigator Imre Rad .