Microsoft releases detailed FAQs about XZ Utils vulnerability in Linux systems
Microsoft has released extensive FAQs and instructions addressing a critical vulnerability discovered in XZ Utils. The vulnerability, identified as CVE-2024-3094, has been deemed critical and was detected as a result of a compromise in the software supply chain. The XZ Utils tool is a crucial component in data compression for a variety of Linux distributions, playing a significant role in software package management, kernel images, and other important functions.
To assist impacted users, Microsoft has provided essential suggestions. These include downgrading to a secure version of XZ Utils and utilizing Microsoft Defender Vulnerability Management and Defender for Cloud.
The vulnerability was accidentally discovered by Microsoft employee Andres Freund while investigating performance issues with SSH on a Debian system. During his investigation, Freund noticed unusual behavior related to the XZ Utils updates which led him to uncover the intentional backdoor planted in versions 5.6.0 and 5.6.1 of XZ Utils.
The backdoor enables an attacker who possesses the appropriate private key to exploit SSH activities and gain root access to the system. The backdoor works through a five-stage loader that alters the function resolution process, allowing the attacker to remotely execute any desired commands.
The vulnerability impacts the following Linux distributions:
|
Fedora Rawhide |
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users |
|
Fedora 41 |
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users |
|
Debian testing, unstable and experimental distributions versions 5.5.1alpha-0.1 to 5.6.1-1. |
https://lists.debian.org/debian-security-announce/2024/msg00057.html |
|
openSUSE Tumbleweed and openSUSE MicroOS |
https://news.opensuse.org/2024/03/29/xz-backdoor/ |
|
Kali Linux (Discovery supported) |
https://www.kali.org/blog/about-the-xz-backdoor/ |
Surprisingly, Red Hat Enterprise Linux (RHEL) versions remain unharmed. Similarly, the widely-used Ubuntu Linux distribution is also unaffected due to its utilization of an older version, 5.4, of XZ Utils.
Furthermore, to determine if your Linux system is impacted by the vulnerability,
- To determine the version of XZ Utils installed on your system, execute the command “xz –version”in your terminal. If the output displays a version of 5.6.0 or 5.6.1, your system could potentially be at risk.
- It is vital to promptly update your system if it is using a vulnerable version of XZ Utils, particularly if you have a. deb or. rpm-based distribution with glibc. For added security, focus on updating systems that use systemd and have publicly accessible SSH ports to reduce immediate risks.
- If you have reason to believe that your system may have been compromised, you can also examine audit logs for any abnormalities that may suggest unauthorized access or irregular behavior.
To access information on Microsoft’s suggestions and comprehensive FAQs, please go to the Microsoft Tech Community page.
Leave a Reply