Microsoft discovers new privilege escalation flaws in Linux

The Microsoft 365 Defender team discovered two privilege escalation flaws in Linux operating system. These flaws are worrisome as they can cause further damage by giving access for various malicious operations. Although Linux was long thought to be one of the most secure systems, it is now known that cybercriminals have only looked for more ways to attack. Learn the details in this article.

Read: Elon Musk’s Twitter will offer end-to-end encryption in DMs

Linux has two privilege escalation flaws

Both flaws were collectively called “Nimbuspwn,” but each carries the following codes: CVE-2022-29799 and CVE-2022-29800. These have their roots in a certain system component called networkd-dispatcher, a daemon program for the network manager system service, designed to dispatch network status changes.

As Jonathan Bar Or of the Microsoft 365 Defender Research Team explains: “The flaws can be chained together to gain root privileges on Linux systems, allowing attackers to deploy payloads, like a root backdoor, and perform other malicious actions via arbitrary root code execution.”

In addition to all this, both flaws can be used as vectors to gain deeper access and implement more developed and dangerous threats such as ransomware. As specified in The Hackers News: “They relate to a combination of directory traversal (CVE-2022-29799), symbolic link (aka symlink) race, and time-of-check to time-of-use (CVE-2022-29800 ) flaws, leading to a scenario where an adversary in control of a rogue D-Bus service can plant and execute malicious backdoors on the compromised endpoints.”

As always, it is recommended that users update to the latest versions immediately to patch these vulnerabilities and keep systems protected. In addition to this, Microsoft 365 Defender was very clear in emphasizing that: “The growing number of vulnerabilities on Linux environments emphasize the need for strong monitoring of the platform’s operating system and its components.” All of this, plus the impressive number of threats and attacks lately, leads to an increasing need to raise cybersecurity awareness.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.

Foto de Lukas en Unsplash.

Facebook: Eagle Tech Corp

Instagram: @eagletech_corp

Twitter: @eagletechcorp

LinkedIn: Eagle Tech

YouTube: Eagle Tech Corp

Cyber security & IT Managed Services

Cybersecurity

-

Cloud
Services

Management Services

-

Microsoft discovers new privilege escalation flaws in Linux

Linux has two privilege escalation flaws

Table of Contents

Share this Article

Related Articles

IT Support Decision: In-House IT vs MSP

5 IT Red Flags for Your Business

Hacker AI vs. Security AI: Understanding the Difference

The Steps to Take to Prevent AI from Being Used Against You

Newsletter

Services

Company

Products

Social

Copyright © 2024 Eagle Tech Corp . All Rights Reserved.

MADE WITH ❤ BY ZEUSWEBDESIGN

Cybersecurity

-

Cloud Services

Management Services

-

Microsoft discovers new privilege escalation flaws in Linux

Linux has two privilege escalation flaws

Table of Contents

Share this Article

Related Articles

IT Support Decision: In-House IT vs MSP

5 IT Red Flags for Your Business

Hacker AI vs. Security AI: Understanding the Difference

The Steps to Take to Prevent AI from Being Used Against You

Newsletter

Services

Company

Products

Social

Copyright © 2024 Eagle Tech Corp . All Rights Reserved.

MADE WITH ❤ BY ZEUSWEBDESIGN

Cloud
Services