mcstafford | 2 years ago

The vulnerability sounds like it's inherent to SQL Server, and that cloud providers haven't been successful in blocking the underlying problem due to its proprietary nature.

Presenting it as a Cloud SQL problem is disingenuous.

nitrammm | 2 years ago

No? From the article:

> we identified a gap in GCP’s security layer that was created for SQL Server. This vulnerability enabled us to escalate our initial privilege and add our user to the DbRootRole role, a GCP admin role.

So Google took proprietary software not designed for this use-case and built their own security layer on top of it and ended up with bugs.

Of course that's an issue with the service. Presenting it as anything else than an issue in Cloud SQL seems disingenuous.