Microsoft Has Found Two Holes in Linux That Allow You to Run a Root Backdoor

Microsoft this week identified two vulnerabilities in the Linux operating system that could allow an attacker to elevate privileges. The issues, which can be exploited together, have been grouped under the common name “Nimbuspwn”.

According to Microsoft's experts, attackers can use the discovered flaws to install backdoors with root rights and, because the flaws allow code execution, to perform other malicious actions.

As noted in the Microsoft 365 Defender Research report, the vulnerabilities were identified as CVE-2022-29799 and CVE-2022-29800. Cybercriminals can also use them in ransomware attacks.

The root of the problem lies in the systemd component called networkd-dispatcher, which is designed to send notifications about network status changes.


In particular, the bugs are described as directory traversal (CVE-2022-29799) and race conditions (CVE-2022-29800). If exploited successfully, an attacker could take control of the D-Bus service and install a backdoor on the compromised endpoint.

Users of networkd-dispatcher are strongly advised to update their installations to the latest version to avoid the risk of exploitation.
