Global technology giant Microsoft has revealed two privilege escalation flaws in the Linux operating system that might allow threat actors to carry out various fraudulent activities.
On Linux systems, the identified vulnerabilities can be chained together to grant attackers root privileges, allowing them to deploy payloads.
According to Microsoft, Nimbuspwn vulnerabilities could be used as a vector for root access by more threats like malware or ransomware to significantly impact vulnerable devices.
Read More: Agility Robotics raises $150 million in Series B Funding Round
Therefore, Microsoft has released a guide on its website regarding the affected components and information about the vulnerabilities it identified.
Microsoft discovered the vulnerabilities by monitoring System Bus messages while performing code reviews and dynamic analysis on services that run as root. The vulnerabilities are in a systemd component called networkd-dispatcher, a Linux-based program for the network management system service designed to dispatch network status changes.
The company shared these vulnerabilities with the respective maintainers through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).
However, the issues have been fixed and deployed by the maintainer of the network-dispatcher, Clayton Craft. Microsoft said the fixes for the abovementioned vulnerabilities are identified as CVE-2022-29799 and CVE-2022-29800.
“We wish to thank Clayton for his professionalism and collaboration in resolving those issues. Users of network-dispatcher are encouraged to update their instances,” mentioned Microsoft in the blog.
The ever-increasing number of vulnerabilities in Linux points out the need for robust monitoring of the platform and its components.
Microsoft 365 Defense Research Team said, “Microsoft Defender for Endpoint enables organizations to gain this necessary visibility and detect such threats on Linux devices, allowing organizations to detect, manage, respond, and remediate vulnerabilities.”
