
Microsoft Developer Uncovers Critical Backdoor in XZ Utils Affecting Multiple Linux Distros

Microsoft found a critical backdoor (CVE-2024-3094) in popular Linux compression tool XZ Utils.


Microsoft has unveiled a significant security flaw within XZ Utils, a widely used file compression tool across various Linux distributions. The vulnerability, cataloged under CVE-2024-3094, has been assigned the highest severity rating of 10.0 by the Common Vulnerability Scoring System (CVSS). This flaw poses a potential threat to several major Linux distributions, including Fedora, Kali Linux, OpenSUSE, and Alpine. The discovery was made by a Microsoft Linux developer, Andres Freund, who noticed an unusual delay in SSH port connections, leading to the identification of a malicious backdoor.

Impact and Detection

The vulnerability has raised concerns due to its potential global impact, with only four out of 63 security vendors, including Microsoft, currently able to detect the exploit accurately. The compromised versions of XZ Utils, specifically 5.6.0 and 5.6.1, contain the backdoor, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to advise the use of older, unaffected versions. Security research firms such as Qualys and Binarly have responded by releasing detection and scanner tools. Qualys has updated its VULNSIGS to version 2.6.15-6 and identified the vulnerability with the Qualys Vulnerability Detection ID “379548.” Binarly, on the other hand, offers a free scanner that alerts users to the presence of the “XZ malicious implant” in compromised software versions.

Red Hat later announced the discovery of the critical vulnerability within the xz data compression library, affecting Fedora Linux versions 40 and 41 and the Fedora Rawhide developer distribution. According to Red Hat's investigation, the malicious code is present in full only in the download package and is activated through a manipulated M4 macro; the Git repository itself does not carry the full injection.
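Because the injection lives only in the release package and not in the Git tree, a simple supply-chain check is to list files that exist in an extracted release tarball but not in the matching Git checkout, and review those before trusting the build. The script below is an added example, not code from the article or from Red Hat; the helper names and the two sample trees (including the release-only `m4/extra-helper.m4` stand-in) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article or Red Hat): report files present in an
# extracted release tree but absent from the matching Git checkout.
# Assumptions: both trees are already on disk; helper names and the sample
# trees built by make_sample_trees are constructed for this demonstration.
export LC_ALL=C   # consistent sort/comm ordering

# Print sorted relative paths of regular files under directory $1.
list_tree() {
    ( cd "$1" && find . -type f | sed 's|^\./||' | sort )
}

# Print paths present in the release tree ($2) but absent from the git tree ($1).
release_only_files() {
    tmp_git=$(mktemp); tmp_rel=$(mktemp)
    list_tree "$1" > "$tmp_git"
    list_tree "$2" > "$tmp_rel"
    comm -13 "$tmp_git" "$tmp_rel"   # lines only in the second (release) list
    rm -f "$tmp_git" "$tmp_rel"
}

# Build constructed sample trees: a "git" checkout and an extracted "release"
# tree that additionally carries an extra m4 build helper. Prints the base dir.
make_sample_trees() {
    base=$(mktemp -d)
    mkdir -p "$base/git/m4" "$base/git/src" "$base/release/m4" "$base/release/src"
    for d in git release; do
        echo 'AC_INIT([demo], [1.0])' > "$base/$d/configure.ac"
        echo 'int main(void){return 0;}' > "$base/$d/src/main.c"
        echo 'dnl shared macro' > "$base/$d/m4/common.m4"
    done
    # Present only in the release tree: a constructed stand-in for a
    # release-only build helper (the file name is illustrative).
    echo 'dnl release-only helper' > "$base/release/m4/extra-helper.m4"
    echo "$base"
}

# Run the comparison over the sample trees and print the release-only paths.
demo_release_only() {
    base=$(make_sample_trees)
    release_only_files "$base/git" "$base/release"
    rm -rf "$base"
}

demo_release_only
```

On a real project the two arguments would be the `git archive` or checkout of the tagged commit and the extracted tarball; any file that appears only in the tarball, especially build-system helpers such as M4 macros, deserves a manual read before the package is built.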

Recommendations and Solutions

To determine whether a system is vulnerable, users are encouraged to run a specific command over SSH with administrator privileges. This proactive check, together with the use of third-party scanning tools, forms the cornerstone of the recommended guidance for mitigating the risk posed by this vulnerability. Both Binarly and Qualys provide resources on their websites for those seeking more technical details or solutions to safeguard their systems.
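One concrete form of that check is to read the version reported by the installed `xz` binary and compare it against the two backdoored releases named above (5.6.0 and 5.6.1). The script below is an added example, not the command from the advisory or from the article; the helper names are assumptions, and the version is parsed from the first line of `xz --version` output in the form `xz (XZ Utils) 5.6.1`.

```shell
#!/bin/sh
# Added example (not from the article or the vendors named in it): flag an
# installed xz whose reported version is one of the backdoored releases.
# Assumptions: `xz --version` prints "xz (XZ Utils) <version>" on its first
# line; helper names are constructed for this demonstration.

# Return 0 (true) when the version string is one of the compromised releases.
is_affected_xz_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the version number from the first line of `xz --version` output.
parse_xz_version() {
    printf '%s\n' "$1" | sed -n '1s/.* \([0-9][0-9.]*\).*/\1/p'
}

# Inspect the locally installed xz. Returns 0 when affected, 1 when not,
# 2 when no xz binary is on PATH. A matching version is a strong signal;
# a dedicated scanner is still needed to confirm the implant itself.
check_installed_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not found in PATH"
        return 2
    fi
    ver=$(parse_xz_version "$(xz --version 2>/dev/null)")
    if is_affected_xz_version "$ver"; then
        echo "xz $ver: AFFECTED (CVE-2024-3094) - downgrade to the 5.4.x series"
        return 0
    fi
    echo "xz $ver: not one of the backdoored releases"
    return 1
}

check_installed_xz || :
```

Run it as root (or via `sudo`) on each host; the exit code makes it easy to drive from fleet tooling, and the 5.4.x downgrade it recommends matches the remediation path described in the article.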

In response to the discovery, Red Hat has issued a strong advisory to all users of Fedora Rawhide, urging them to halt any use of the distribution for both work and personal activities immediately. Plans are underway to revert Fedora Rawhide to a safe version of the xz utility, xz-5.4.x, after which it will be safe to redeploy instances of Fedora Rawhide. Red Hat has confirmed that Red Hat Enterprise Linux (RHEL) is not affected by this vulnerability.

The discovery of the XZ Utils backdoor underscores the importance of vigilance and thorough security practices within the open-source community. It also highlights the critical role that individual developers, like Andres Freund, play in maintaining the integrity and security of widely used software.

Source: Red Hat

Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.