Attention Linux users! Hidden backdoor found in XZ Utils, Microsoft warns

Only XZ Utils 5.6.0 and 5.6.1 come with a hidden backdoor

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

linux backdoor

Linux has always been a more secure system than Windows, but that doesn’t mean that Linux is safe from all threats.

Speaking of which, according to the reports, several versions of Linux were affected by a critical vulnerability recently.

Two versions of XZ Utils in Linux come with a hidden backdoor

As Neowin writes, Microsoft released a FAQ on XZ Utils that was discovered recently in Linux. The vulnerability has been identified as CVE-2024-3094 and it has been deemed as critical.

It was first discovered by a Microsoft employee by accident while investigating SSH issues on the Debian system. According to the employee, he noticed unusual behavior with XZ Utils, which led to the discovery of a backdoor.

With this backdoor, a hacker with the correct private key can abuse the SSH operations and gain root access to the system.

The backdoor uses a five-stage loader that allows the hacker to perform arbitrary commands remotely.

The good news is that only versions 5.6.0 and 5.6.1 of XZ Utils come with a backdoor, meaning that older versions are unaffected.

As for affected distributions, the following have this backdoor on them:

  • Fedora Rawhide
  • Fedora 41
  • Debian testing, unstable and experimental distributions versions 5.5.1alpha-0.1 to 5.6.1-1.
  • openSUSE Tumbleweed and openSUSE MicroOS
  • Kali Linux (Discovery supported)

To check if your device is affected, Microsoft suggests the following:

  1. Check the version of XZ Utils on your system. You can do that with the following command: xz –version
  2. If you have version 5.6.0 or 5.6.1 installed, update your system. Prioritize updating systems with systemd on publicly accessible SSH ports. This is especially true if you’re using .deb or .rpm-based distribution with glibc.
  3. Review audit logs if you suspect that the system has been compromised.

In order news, Microsoft engineers have improved Rust integration in Linux with module initialization patches.

More about the topics: Linux, security threats