Microsoft has discovered vulnerabilities in system components commonly used on Linux desktops that could allow an attacker to elevate privileges to root and install malware. 

Gaining root privileges on a compromised Linux desktop would allow the attackers to perform nefarious tasks, such as installing a root backdoor, or to undertake other malicious actions via arbitrary root code execution via the flaws Microsoft is calling Nimbuspwn.

"Moreover, the Nimbuspwn vulnerabilities could potentially be leveraged as a vector for root access by more sophisticated threats, such as malware or ransomware, to achieve greater impact on vulnerable devices," Microsoft said.

Security

• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone
• The best VPN services: How do the top 5 compare?
• How to find out if you are involved in a data breach -- and what to do next

The two bugs, tracked as CVE-2022-29799 and CVE-2022-29800, were found in networkd-dispatcher, a dispatcher service for systemd-networkd network connection status changes. Microsoft said it discovered the vulnerabilities by listening to messages on the System Bus while performing code reviews and dynamic analysis on services that run as root