Saturday, October 1, 2022
HomeNewsMicrosoft identifies New Privilege Escalation Flaws in Linux Operating System

Microsoft identifies New Privilege Escalation Flaws in Linux Operating System

The vulnerabilities are in a systemd component called networkd-dispatcher, a Linux-based program for the network manager system service designed to dispatch network status changes.

Global technology giant Microsoft has revealed two privilege escalation flaws in the Linux operating system that might allow threat actors to carry out various fraudulent activities. 

On Linux systems, the identified vulnerabilities can be chained together to grant attackers root privileges, allowing them to deploy payloads. 

According to Microsoft, Nimbuspwn vulnerabilities could be used as a vector for root access by more threats like malware or ransomware to significantly impact vulnerable devices. 

Read More: Agility Robotics raises $150 million in Series B Funding Round

Therefore, Microsoft has released a guide on its website regarding the affected components and information about the vulnerabilities it identified. 

Microsoft discovered the vulnerabilities by monitoring System Bus messages while performing code reviews and dynamic analysis on services that run as root. The vulnerabilities are in a systemd component called networkd-dispatcher, a Linux-based program for the network management system service designed to dispatch network status changes. 

The company shared these vulnerabilities with the respective maintainers through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). 

However, the issues have been fixed and deployed by the maintainer of the network-dispatcher, Clayton Craft. Microsoft said the fixes for the abovementioned vulnerabilities are identified as  CVE-2022-29799 and CVE-2022-29800

“We wish to thank Clayton for his professionalism and collaboration in resolving those issues. Users of network-dispatcher are encouraged to update their instances,” mentioned Microsoft in the blog. 

The ever-increasing number of vulnerabilities in Linux points out the need for robust monitoring of the platform and its components. 

Microsoft 365 Defense Research Team said, “Microsoft Defender for Endpoint enables organizations to gain this necessary visibility and detect such threats on Linux devices, allowing organizations to detect, manage, respond, and remediate vulnerabilities.”

Subscribe to our newsletter

Subscribe and never miss out on such trending AI-related articles.

We will never sell your data

Join our Telegram and WhatsApp group to be a part of an engaging community.

Dipayan Mitra
Dipayan Mitra
Dipayan is a news savvy writer, who does not leave a single page of news paper unturned. He is also a professional vocalist who enjoys ghazals. Building a dog shelter is his forever dream.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular