When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft releases detailed FAQs about XZ Utils vulnerability in Linux systems

Microsoft Defender Antivirus logo blue on blue background

Microsoft has published detailed FAQs and guidance regarding a critical vulnerability found within XZ Utils. The vulnerability, which has the identifier CVE-2024-3094, has a critical severity rating and was discovered due to a software supply chain compromise. The XZ Utils tool is essentially used for data compression across various Linux distributions and is important for managing software packages, kernel images, and more.

Microsoft's response includes key recommendations for users that are affected by this vulnerability. The company advises to downgrade to a secure version of XZ Utils as well as utilize Microsoft Defender Vulnerability Management and Defender for Cloud.

The vulnerability was discovered by Microsoft employee Andres Freund "by accident" when he was trying to investigate performance issues with SSH on a Debian system. Freund noticed unusual behavior related to the XZ Utils updates, leading him to uncover the intentional backdoor planted in versions 5.6.0 and 5.6.1 of XZ Utils.

The backdoor allows an attacker with the correct private key to exploit SSH operations, granting them root access to the system. The backdoor operates through a five-stage loader that manipulates the function resolution process, enabling the attacker to execute arbitrary commands remotely.

Here are the Linux distributions that are affected by the vulnerability:

Fedora Rawhide

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

Fedora 41

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

Debian testing, unstable and experimental distributions versions 5.5.1alpha-0.1 to 5.6.1-1.

https://lists.debian.org/debian-security-announce/2024/msg00057.html

openSUSE Tumbleweed and openSUSE MicroOS

https://news.opensuse.org/2024/03/29/xz-backdoor/

Kali Linux (Discovery supported)

https://www.kali.org/blog/about-the-xz-backdoor/

Notably, Red Hat Enterprise Linux (RHEL) versions are unaffected. Ubuntu, one of the most popular Linux distributions, also remains unaffected as it uses an older version 5.4 of XZ Utils.

In addition to the above, to check whether your Linux system is affected by the vulnerability,

  1. Run the command xz --version in your terminal to check the version of XZ Utils installed on your system. If the output shows a version equal to 5.6.0 or 5.6.1, your system may be vulnerable.
  2. If your system is running a vulnerable version of XZ Utils, it is crucial to take immediate action by updating your system, especially if you are using a .deb or .rpm-based distribution with glibc. Prioritize updating systems using systemd on publicly accessible SSH ports to mitigate immediate risks.
  3. If you suspect your system might have been compromised, you can also review audit logs for any anomalies that could indicate unauthorized access or unusual activities.

To read about Microsoft's recommendations and detailed FAQs, you can visit the Microsoft Tech Community page here.

Report a problem with article
Next Article

Edge Canary for Android now lets you install any Edge extension

Sam Altman and the OpenAI logo
Previous Article

The OpenAI Startup Fund is no longer owned and controlled by Sam Altman

Join the conversation!

Login or Sign Up to read and post a comment.

9 Comments - Add comment