# Find and Fix XZ Utils in Just a Few Clicks

By [Mohit Bhasin](https://www.paloaltonetworks.com/blog/author/mohit-bhasin/?ts=markdown "Posts by Mohit Bhasin"), [Alexandre Cezar](https://www.paloaltonetworks.com/blog/author/alexandre-cezar/?ts=markdown "Posts by Alexandre Cezar") and [Nils Jannasch](https://www.paloaltonetworks.com/blog/author/nils-jannasch/?ts=markdown "Posts by Nils Jannasch")

Apr 03, 2024, 6 minutes

## Mitigating CVE-2024-3094

By now you've likely heard about the vulnerability in XZ Utils Data Compression Library that impacted multiple Linux distributions ([CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094)) and read the [threat brief](https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/#post-133225-_50343o6a6han) Palo Alto Networks Unit 42 posted. I'm sure you understand all the recommended precautionary measures: downgrading vulnerable XZ Utils versions to 5.4.6 (the latest unaffected version), reverting affected Linux distributions to stable releases and treating any systems identified as vulnerable as potential security threats.

But where do you start?

Don't panic. Take a deep breath. Let's pause and take a minute to understand the impact of zero-day vulnerabilities before jumping into action. Remember what Benjamin Franklin said: "By failing to prepare, you are preparing to fail." The following list of questions allows you to plan for a vulnerability like CVE-2024-3094.

## Understanding the Impact of Vulnerabilities: 5 Key Questions to Ask Yourself

When a new critical CVE (Common Vulnerabilities and Exposures) is discovered, it's easy to get caught up in the drama and feel like the sky is falling. But before you jump into action, it's important to take a minute to understand the impact of the vulnerability so you can formulate an appropriate response.

Here are the top five questions you should ask yourself in such situations:

1. **Does this vulnerability affect me?** What assets are impacted by this vulnerability? Where are they running? Is this a production or non-production environment?
2. **Am I at risk of attack?** Do you have assets at risk of exploitation? What are those?
3. **Did this vulnerability lead to a compromise of my environment?** Do you know if the vulnerability has already been exploited by an attacker? Look for evidence of malicious activity and find any indicators of compromise.
4. **Can I remediate the vulnerability?** Does it have a patch? What needs to be fixed? How is this vulnerability introduced into my environment?
5. **What mitigation measures should we implement?** Can we apply a remediation strategy until the fix is applied, such as a policy to prevent new vulnerable deployments, or implement a control to detect and prevent attacks?

Asking these questions is the first step to assessing, prioritizing and mitigating the impact of critical CVEs without losing your sanity.

## How to Find and Fix CVEs in a Few Simple Clicks

More than [7,300 malicious OSS packages were discovered in 2022](https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research?ts=markdown) across all major package manager registries according to the GitHub Advisory Database. With software supply chain attacks on the rise, finding and fixing zero-day vulnerabilities needs to be as simple as possible. Yet most security teams don't have the tools they need, unless you count an array of complicated spreadsheets (and you shouldn't).

Let's take a look at how easy it can be with [Prisma Cloud](https://www.paloaltonetworks.com/prisma/whyprisma?ts=markdown), the Code-to-Cloud CNAPP...

**Step 1: Identify running applications or workloads impacted by the vulnerability**

For a specific vulnerability such as CVE-2024-3094, you can search your entire cloud estate, including both production and non-production workloads, and identify all the assets vulnerable to the CVE. With a Code to Cloud view into the comprehensive application lifecycle, it's easy to [trace the vulnerability](https://www.paloaltonetworks.com/prisma/cloud/vulnerability-management?ts=markdown) to the repository where it's stored and all the way back to the package where it originated.

![Finding vulnerability CVE-2024-3094](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-317028-1.png)

Figure 1: Search and Investigate View of Vulnerability CVE-2024-3094

**Step 2: Identify who owns the application and its content**

Contextual information such as asset name, package version, repo name and owner can help pinpoint the source of the problem. By identifying who owns the application, the security team can figure out who they need to work with to fix the vulnerability.

![A view of the package details for the vulnerability](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-317028-2.png)

Figure 2: Package Details View

**Step 3: Take action to help fix the CVE by submitting a pull request**

In the past, security teams sent emails or shared spreadsheets with developers to get them to remediate a vulnerability. Since Prisma Cloud has already figured out where the source package is, you can submit a pull request to speed up the remediation process.

![See the vulnerable package that needed to be fixed](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-317028-3.png)

Figure 3: Impacted package that needs to be fixed

## Stay Proactive with CI/CD Guardrails

Want to get ahead of your developers and stop them from deploying applications with the vulnerability? With Prisma Cloud [CI/CD security](https://www.paloaltonetworks.com/prisma/cloud/ci-cd-security?ts=markdown) capabilities, you can take proactive measures to prevent new vulnerable workloads from being deployed.

Prevent CVE-2024-3094 and other vulnerabilities from deploying into production by creating a policy that prohibits the release of new workloads with this issue (fail the build in CI) or the deployment of such workloads (block the deployment in CD).

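
An added example, not Prisma Cloud's policy engine or code from this post: a minimal "fail the build in CI" gate in Python that flags any xz/liblzma package newer than 5.4.6, the latest unaffected version named above. The inventory format, the package-name set and the sample rows are assumptions constructed for illustration; the gate also handles Debian-style `+really` version strings and reports unparseable versions instead of passing them.

```python
import re

# From the page: 5.4.6 is the latest XZ Utils version it lists as unaffected.
LAST_UNAFFECTED = (5, 4, 6)

# Assumption: package names under which distributions ship xz / liblzma.
XZ_PACKAGES = {"xz", "xz-utils", "xz-libs", "xz-devel", "liblzma5", "liblzma-dev"}

# Constructed sample inventory: asset, package, version (not real scan output).
SAMPLE_INVENTORY = """\
# asset          package         version
web-prod-01      liblzma5:amd64  5.6.1-1
web-prod-01      openssl         3.0.13-1
build-runner-07  xz-utils        5.6.1+really5.4.5-1
batch-stg-02     xz-libs         5.6.0-3.fc40
db-prod-03       xz              5.4.6-1.el9
edge-dev-04      xz-utils        unknown
"""


def upstream_version(pkg_version):
    """Reduce a distro package version to upstream (major, minor, patch), or None."""
    v = pkg_version.split(":", 1)[-1]      # drop an epoch prefix such as "1:"
    if "+really" in v:                     # Debian convention: the real upstream follows
        v = v.split("+really", 1)[1]
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", v)
    return tuple(int(part or 0) for part in m.groups()) if m else None


def find_affected(inventory_text):
    """Return (asset, package, version) for xz packages newer than LAST_UNAFFECTED."""
    findings = []
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        asset, name, version = fields[:3]
        name = name.split(":", 1)[0]       # drop an arch qualifier such as ":amd64"
        if name not in XZ_PACKAGES:
            continue
        parsed = upstream_version(version)
        # Fail closed: a version that cannot be parsed is reported for review.
        if parsed is None or parsed > LAST_UNAFFECTED:
            findings.append((asset, name, version))
    return findings


def gate(inventory_text):
    """CI step: return exit status 1 (fail the build) if any finding exists."""
    findings = find_affected(inventory_text)
    for asset, name, version in findings:
        print(f"CVE-2024-3094 policy: {asset} has {name} {version}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_INVENTORY))
```

The threshold encodes only this post's statement that 5.4.6 is the latest unaffected version; adjust `LAST_UNAFFECTED` as vendor advisories change.
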
![Set up policies to block vulnerable deployments](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-317028-4.png)

Figure 4: Vulnerability Policy that blocks XZ-Utils

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-317028-5.gif)

## Detect Attack Paths of Known CVEs

Prisma Cloud excels in finding and fixing vulnerabilities, as well as in visualizing potential attack vectors. It offers detailed insights into cloud-based virtual machine exposures, highlighting instances where they are publicly accessible, which increases their susceptibility to potential security breaches.

Our attack path policy, crafted specifically for this CVE, identifies cloud instances that are publicly accessible and vulnerable to CVE-2024-3094. This vulnerability could allow attackers to execute arbitrary code, gain unauthorized control, and potentially pivot to other systems within the network. Highlighting these pathways is crucial for enabling faster response times and mitigating risks before they escalate into breaches or data loss.

## Learn More

Don't just read about how Prisma Cloud can help. Experience it for yourself! The XZ Utils product tour is an interactive demo guiding you through steps to find and fix the CVE using Prisma Cloud. See it in action [here](https://app.storylane.io/share/rxyzjyb1eujb).

Vulnerabilities are a way of life for security professionals, but that doesn't mean they have to be the bane of your existence. By understanding the impact, creating a plan and staying proactive, you can make your own life easier in the process. Prisma Cloud's platform approach to cloud security allows you to be the hero when it comes to managing vulnerabilities.

Put Prisma Cloud's vulnerability management to work in your own environment: [try a 30-day Prisma Cloud trial](https://www.paloaltonetworks.com/prisma/request-a-prisma-cloud-trial?ts=markdown).

Additionally, [Cortex XDR and XSIAM](https://www.paloaltonetworks.com/cortex?ts=markdown) customers with a [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) integration will receive alerts from Prisma Cloud when a vulnerable version of XZ utils is identified on managed cloud assets.