The popular archiving application 7-zip has been found to have a vulnerability. This is a current zero-day vulnerability that allows for privilege escalation and command execution. To put it another way, someone with limited access to your computer may get higher-level authority, usually administrative access, and launch commands or apps. This 7-zip Windows vulnerability was discovered by GitHub user Kagancapar, and it has the CVE-2022-29072 reference.
According to Wikipedia, 7-Zip is a free, open-source file archiving programme that has been available for than two decades. It's barebones, straightforward, and effective. Unfortunately, as the Center for Internet Security uncovered, it also has a severe security flaw that can allow for "arbitrary code execution."
Also Read: Currently this is the only major problem with Youtube
Kagancapar gave some interesting background on the vulnerability and how it was discovered. First, they state that 7-zip is hesitant to take responsibility for this flaw because it appears to rely on the Microsoft Help system. However, dropping the custom.7z extension file on the Help window causes a memory overflow in 7zFM.exe, resulting in privilege elevation – hence 7-zip creators should take some responsibility.
Someone who successfully exploits this software bug could install programmes on your computer, read, change, or destroy files, or create new user accounts with full authorizations. The good news is that CIS claims no such incidents have occurred, but the bad news is that the security issue exists in all versions of 7-Zip. Your PC is vulnerable even with the latest update.
The current version of 7-zip for Windows, v21.07, is not patched for the vulnerability as of this writing. If you're worried about the vulnerability affecting your computer or the systems you manage, there are two simple steps you may do to reduce that risk:
If 7-zip somehow doesn't update, the first method of closing the vulnerability is to delete the 7-zip.chm file.
Second method: Only read and run rights should be granted to the 7-zip software. (This is for all users.)
0 Comments