Exploit:Linux/CVE-2024-3094.A

Guidance for individual users

Keep your operating system and antivirus products up to date. Given that the issue lies in a commonly used open-source project, users should limit their SSH access exposure from the public and be on the lookout for product coverage for the vulnerability.

To learn more about preventing trojans or other malware from affecting individual devices, read about preventing malware infection. For more tips on how to keep your device safe, go to the Microsoft security help & learning portal.

Guidance for enterprise administrators

Following the mitigation steps below can help prevent malware attacks:

• Reset passwords for any impacted user accounts. Look for new user accounts on devices impacted by the vulnerability. Downgrading the XZ utility or removing a compromised instance does not remediate post-compromise activity by a threat actor with privileged access if exploitation occurred.
• Harden internet-facing assets and ensure they have the latest security updates. Use threat and vulnerability management to audit these assets regularly for vulnerabilities, misconfigurations, and suspicious activity.
• Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown variants.
• Turn on tamper protection features to prevent attackers from stopping security services.