Microsoft Employee Discovers Critical Flaw in Linux Utility, Prevents Widespread Global Impact - Microsoft - News

Microsoft has issued a critical security advisory concerning a backdoor vulnerability (CVE-2024-3094) found within the widely used XZ Utils file compressor. This major flaw, with a maximum severity score of 10.0 on the CVSS scale, affects several popular Linux distributions including Fedora, Kali Linux, OpenSUSE, and Alpine Linux. Potentially, this vulnerability could have had a widespread global impact.
Thankfully, a Microsoft Linux developer, Andres Freund, stumbled upon the issue while investigating a suspicious 500-millisecond delay in SSH connections. He uncovered a malicious backdoor embedded within the XZ software itself.
At the time of writing, only four out of 63 security vendors on VirusTotal are correctly flagging this exploit as harmful. This incident highlights the importance of vigilance, as many users might have overlooked the seemingly minor delay. It also brings to attention the potential vulnerability of open-source software to malicious actors.
If you’re concerned about your system’s safety, versions 5.6.0 and 5.6.1 of XZ Utils are confirmed to be compromised. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends using older, verified versions of the software as a precaution.
Several third-party tools can also help identify the vulnerability. Security firms Qualys and Binarly offer free scanners:
Qualys: Look for VULNSIGS version 2.6.15-6, with the vulnerability ID (QID) “379548.”
Binarly: This free XZ backdoor scanner will display a message like “XZ malicious implant detected” if your system is affected.
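A quick local check against the two compromised versions named above, as an added example that is not from the article or from either vendor: it parses the output of `xz --version` and flags 5.6.0 and 5.6.1 for both the `xz` tool and the `liblzma` library. The function names are hypothetical, and the sample outputs used to exercise it are constructed.

```shell
#!/bin/sh
# Added example (not from the article): flag the XZ Utils releases the
# article names as compromised, 5.6.0 and 5.6.1, from `xz --version` output.

# Pull "component version" pairs out of `xz --version` text on stdin.
# The output has one line for the xz tool and one for liblzma, the
# library other programs load, and the two can differ on a host.
extract_versions() {
    sed -n -e 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/xz \1/p' \
           -e 's/^liblzma \([0-9][0-9.]*\).*/liblzma \1/p'
}

# Succeed (status 0) only for the two compromised release numbers.
is_compromised_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `xz --version` output on stdin and print one verdict per component.
# Status: 0 = nothing flagged, 1 = something flagged, 2 = nothing parsed.
check_xz_output() {
    versions=$(extract_versions)
    if [ -z "$versions" ]; then
        echo "UNKNOWN: no XZ Utils version found in input"
        return 2
    fi
    status=0
    while read -r name ver; do
        if is_compromised_version "$ver"; then
            echo "COMPROMISED: $name $ver"
            status=1
        else
            echo "ok: $name $ver"
        fi
    done <<EOF
$versions
EOF
    return "$status"
}

# Check the xz binary on this host, if there is one (hypothetical helper name).
check_local_xz() {
    command -v xz >/dev/null 2>&1 || { echo "xz not installed"; return 2; }
    xz --version | check_xz_output
}
```

Call `check_local_xz` on the host being checked. An "ok" result only means the reported version number is not one of the two listed; it does not inspect the binaries the way the scanners above do.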

By Pier
