Windows Enterprise Desktop

Feb 14 2018   12:32PM GMT

Update 7-ZIP to 18.01 NOW

Ed Tittel

Tags:
Windows 10
Windows Security

You might not think that a compression tool like 7-Zip could pose security problems for Windows. If so, you’d be wrong. I just learned — courtesy of a January 31 post from Woody Leonhard — that older versions of the program are vulnerable. Vulnerable as in having been issued CVE-2017-17969 for buffer overflow attack potential. This leaves PCs open to denial of service attacks (not so good) or the ability to “potentially execute arbitrary code via a crafted ZIP archive” (BAD). That’s why you want to jump up to Igor Pavlov’s 7-Zip page, grab a new copy, and install it right away. As the blog post title proclaims, you should “Update 7-zip to 18.01 NOW!!”


You want to get to version 18.01 (released Jan 18, 2018) or higher, ASAP!!

More About Update 7-ZIP to 18.01 NOW

This comes with one gotcha. Courtesy of its tight integration with File Explorer (7-Zip installs multiple shell extensions by default) you’ll have to reboot PCs once the update has been applied. OTOH, because there still aren’t any known exploits (none that I can find, anyway), you could wait until your next code refresh if you wanted to take a chance. I’m not sure that’s a good idea, though: I just upgraded all my copies of 7-Zip. Woody seems plenty insistent that you wanted to do this on January 30, when he issued his warning. It sure hasn’t gotten any safer in the meantime, either.

I feel strongly enough about this, in fact, that I just opened Secunia PSI to check 7-zip status therein. Sure enough, it shows the older 16.0 version of 7-Zip as “Up-to-date.” By extension that means they think it’s still safe. I’m writing them an e-mail now to inform them otherwise. I’ll also be observing that I kind of expect to hear about this kind of stuff from them via their software, rather than the other way ’round. Wonder if that’ll spur a reaction. If it doesn’t I’m going to have to find a replacement for Secunia PSI. Sigh.


I thought the whole reason I use Secunia PSI is to have it warn me about stuff like this?
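One way to check a PC without relying on a third-party patch scanner, as an added example that is not part of the original post: it compares both the uninstall-registry entry and the 7z.exe file on disk against 18.01. The function names are hypothetical, and the default install folders and the presence of version metadata in 7z.exe are assumptions.

```powershell
# Added example, not from the original post: flag 7-Zip copies older than 18.01.
$minimum = [version]'18.01'   # fixed release named in the post

function ConvertTo-SevenZipVersion {
    param([string]$Text)
    # Version strings look like "16.04" or "18.01.00.0"; ignore any trailing text.
    if ($Text -match '^\s*(\d+\.\d+(\.\d+){0,2})') { return [version]$Matches[1] }
    return $null
}

function New-SevenZipFinding {
    param([string]$Source, [string]$Location, [string]$VersionText)
    $parsed = ConvertTo-SevenZipVersion $VersionText
    [pscustomobject]@{
        Source      = $Source
        Location    = $Location
        Version     = $VersionText
        # An unreadable version is reported for manual review, not assumed safe.
        NeedsUpdate = ($null -eq $parsed) -or ($parsed -lt $minimum)
    }
}

# 1. What Windows believes is installed (64-bit and 32-bit uninstall keys).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$fromRegistry = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '7-Zip*' } |
    ForEach-Object { New-SevenZipFinding 'Registry' $_.PSChildName $_.DisplayVersion }

# 2. What is actually on disk in the default install folders (assumed locations).
$fromDisk = $env:ProgramFiles, ${env:ProgramFiles(x86)} |
    Where-Object { $_ } |
    Select-Object -Unique |
    ForEach-Object { Join-Path $_ '7-Zip\7z.exe' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object {
        New-SevenZipFinding 'File' $_ (Get-Item -LiteralPath $_).VersionInfo.ProductVersion
    }

# Rows needing attention sort to the top.
@($fromRegistry) + @($fromDisk) |
    Sort-Object NeedsUpdate -Descending |
    Format-Table -AutoSize
```

A registry row at 18.01 next to a file row showing an older version usually means the update is still waiting on the reboot mentioned above.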
