Query Details
//CVE-2024-3094 with CVSS Score 10
//https://www.linkedin.com/posts/activity-7179670729532092416-b5Yb/
//CVE-2024-3094 with CVSS Score 10/10
//Cyber defenders take note: there is a supply chain compromise on the popular Linux XZ utils. If you have Linux running on Azure with Microsoft Defender for Cloud (MDC) enabled, run the below interim KQL to check if your Azure Cloud Linux servers are impacted, and the latter KQL when Microsoft updates their TVM database for this critical CVE. 🫡
//Interim KQL:
DeviceTvmSoftwareInventory
| where SoftwareName contains "xz"
| where SoftwareVersion contains "5.6."
//KQL to use when Microsoft updates their TVM database definitions:
DeviceTvmSoftwareVulnerabilities
| where CveId == "CVE-2024-3094"
//CISA Alert:
//https://lnkd.in/gAkiCfBS
//Red Hat Alert:
//https://lnkd.in/g2BGRGTy
This query is designed to help cyber defenders identify whether their Azure Linux servers are affected by CVE-2024-3094, a CVSS 10.0 vulnerability in the popular XZ Utils compression package. The CVE covers a malicious backdoor that was inserted into the upstream XZ Utils releases 5.6.0 and 5.6.1 (the liblzma library those releases ship), which is why it is treated as a supply chain compromise rather than an ordinary bug. Both queries run in Defender Advanced Hunting against the device vulnerability management tables that Defender for Cloud populates for onboarded servers.
Interim Check: The first part of the query looks for the backdoored XZ Utils versions (5.6.0 and 5.6.1) in the software inventory of your Azure Linux servers. Two caveats: KQL `contains` is a case-insensitive substring match, so `SoftwareVersion contains "5.6."` also matches the clean 5.6.2 release and any later 5.6.x build, and `SoftwareName contains "xz"` matches package names such as xz, xz-utils and xz-libs but misses distributions that ship the library under a name without "xz" in it (for example liblzma5 on Debian and Ubuntu). Treat a hit as an indicator to verify against the distribution advisory, not as confirmation.
DeviceTvmSoftwareInventory
| where SoftwareName contains "xz"
| where SoftwareVersion contains "5.6."
Post-Update Check: The second part of the query should be used once Microsoft has published a definition for this CVE in the Threat and Vulnerability Management (TVM, now Microsoft Defender Vulnerability Management) database. It returns every device on which the vulnerability assessment has matched CVE-2024-3094, so it no longer depends on guessing package names and version strings.
DeviceTvmSoftwareVulnerabilities
| where CveId == "CVE-2024-3094"
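The following query is an added example that combines the interim version check and the CVE-based check above into a single result set; it is not part of the original post. It tightens the version match to the two backdoored releases and lists the package names commonly used by Debian/Ubuntu and RHEL/Fedora. The package names, the `OSPlatform =~ "Linux"` filter and the `Signal` labels are assumptions to be verified against your own tenant's inventory.

```kql
// Added example (not from the original post): one query that flags a device if
// either the interim version check or the TVM CVE definition matches.
// Package names below are assumptions based on common distribution naming:
// Debian/Ubuntu: xz-utils, liblzma5; RHEL/Fedora: xz, xz-libs.
let VersionHits =
    DeviceTvmSoftwareInventory
    | where OSPlatform =~ "Linux"
    | where SoftwareName in~ ("xz", "xz-utils", "xz-libs", "liblzma5")
    // startswith rather than contains "5.6." so the clean 5.6.2 release is not
    // flagged. A distribution-rebuilt package that keeps the 5.6.1 version
    // with a different release suffix still matches and must be checked
    // against the distribution advisory.
    | where SoftwareVersion startswith "5.6.0" or SoftwareVersion startswith "5.6.1"
    | extend Signal = "version-match";
let CveHits =
    DeviceTvmSoftwareVulnerabilities
    | where CveId == "CVE-2024-3094"
    | extend Signal = "tvm-cve";
union VersionHits, CveHits
| summarize Signals = make_set(Signal),
            Packages = make_set(strcat(SoftwareName, " ", SoftwareVersion))
    by DeviceId, DeviceName, OSPlatform, OSVersion
| order by DeviceName asc
```

A device that appears with only the "version-match" signal before the TVM definition exists should be re-checked once "tvm-cve" starts appearing; a device that appears with "tvm-cve" but no version match indicates a package name the inventory filter does not cover, which is the list to extend.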
Additionally, the query includes links to alerts from CISA and Red Hat for further information on the vulnerability.

Steven Lim
Released: August 2, 2024