{"id":212979,"date":"2024-04-02T13:07:52","date_gmt":"2024-04-02T13:07:52","guid":{"rendered":"https:\/\/www.techopedia.com\/?post_type=news&p=212979"},"modified":"2024-04-02T13:07:52","modified_gmt":"2024-04-02T13:07:52","slug":"microsoft-engineer-foils-major-linux-backdoor-plot","status":"publish","type":"news","link":"https:\/\/www.techopedia.com\/news\/microsoft-engineer-foils-major-linux-backdoor-plot","title":{"rendered":"Microsoft Engineer Foils Major Linux Backdoor Plot"},"content":{"rendered":"

Microsoft developer uncovered a hidden Linux backdoor, preventing a potential widespread security disaster.<\/strong><\/p>\n

Last week, an \u201curgent\u201d Linux<\/a> backdoor was accidentally discovered. Red Hat urgently warned<\/a> that recent versions of Fedora operating systems contained malicious code for backdoor access, and Debian issued<\/a> a similar warning.<\/span><\/p>\n

A security issue was averted after a Microsoft<\/a> software engineer, Andres Freund, stumbled upon a backdoor deliberately embedded in xz Utils, an open-source data compression toolkit used in Linux and all Unix-like operating systems.<\/p>\n

Thanks to the diligence of a Microsoft software engineer, a catastrophe was prevented. However, this still represents a serious incident as the backdoor update was about to be added to major Linux operating systems.<\/p>\n

xz Utils is found everywhere Linux is present, providing a very effective data compression and decompression function and supporting the legacy .Izma format.<\/p>\n

Freund was working on Microsoft\u2019s PostgreSQL system when he was occupied with troubleshooting. SSH logins, the protocol for logging into devices over the internet remotely, took up too many CPU cycles and ran into problems with Valgrind, a computer memory tool.<\/p>\n

With some fortune, Freund\u2019s endeavors led him to discover the source of the issue. Those were the updates applied to xz utils, enabling him to raise the alarm.<\/p>\n

On March 29, he accessed the Open Source Security List to detail the updates after malicious actors had placed the backdoor into the software in a venture likely to have taken years to construct.<\/p>\n

\n

Microsoft FAQ and guidance for XZ Utils backdoor https:\/\/t.co\/YCF0VknpU5<\/a><\/p>\n

— Everything Microsoft (@EverythingMS) April 2, 2024<\/a><\/p><\/blockquote>\n