Microsoft this week identified two vulnerabilities in the Linux operating system that could allow an attacker to elevate privileges. The issues, which can be exploited in conjunction, have been grouped under the common name “Nimbuspwn”.
According to the Microsoft 365 Defender Research report, the vulnerabilities are tracked as CVE-2022-29799 and CVE-2022-29800. Cybercriminals can also use them in ransomware attacks.
The root of the problem lies in the systemd component called networkd-dispatcher, which is designed to send notifications about network status changes.
Specifically, the bugs are described as a directory traversal (CVE-2022-29799) and race conditions (CVE-2022-29800). If they are exploited successfully, an attacker could take control of the D-Bus service and install a backdoor on the compromised endpoint.
Users of networkd-dispatcher are strongly advised to update their installations to the latest version to avoid the risk of exploitation.