Windows Enterprise Desktop

Feb 14 2018   12:32PM GMT

Update 7-ZIP to 18.01 NOW

Ed Tittel

Tags:
Windows 10
Windows Security

You might not think that a compression tool like 7-Zip could pose security problems for Windows. If so, you’d be wrong. I just learned — courtesy of a January 31 post from Woody Leonhard — that older versions of the program are vulnerable. Vulnerable as in having been issued CVE-2017-17969 for buffer overflow attack potential. This leaves PCs open to denial of service attacks (not so good) or the ability to “potentially execute arbitrary code via a crafted ZIP archive” (BAD). That’s why you want to jump up to Igor Pavlov’s 7-Zip page, grab a new copy, and install it right away. As the blog post title proclaims, you should “Update 7-zip to 18.01 NOW!!”

You want to get to version 18.01 (released Jan 18, 2018) or higher, ASAP!!

More About Update 7-ZIP to 18.01 NOW

This comes with one gotcha. Courtesy of its tight integration with File Explorer (7-Zip installs multiple shell extensions by default) you’ll have to reboot PCs once the update has been applied. OTOH, because there still aren’t any known exploits (none that I can find, anyway), you could wait until your next code refresh if you wanted to take a chance. I’m not sure that’s a good idea, though: I just upgraded all my copies of 7-Zip. Woody seems plenty insistent that you wanted to do this on January 30, when he issued his warning. It sure hasn’t gotten any safer in the meantime, either.

I feel strongly enough about this, in fact, that I just opened Secunia PSI to check 7-zip status therein. Sure enough, it shows the older 16.0 version of 7-Zip as “Up-to-date.” By extension that means they think it’s still safe. I’m writing them an e-mail now to inform them otherwise. I’ll also be observing that I kind of expect to hear about this kind of stuff from them via their software, rather than the other way ’round. Wonder if that’ll spur a reaction. If it doesn’t I’m going to have to find a replacement for Secunia PSI. Sigh.

I thought the whole reason I use Secunia PSI is to have it warn me about stuff like this?
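
As an added example (not from the original post or from any tool it mentions), here is a small Python check that flags 7-Zip installs older than 18.01 in a software inventory. The CSV layout, host names and version strings are constructed for illustration.

```python
import csv
import io
import re

FIXED = (18, 1)  # 18.01, the release the post says to move to (or higher)

# Constructed inventory export; hosts and rows are made up for this example.
SAMPLE_INVENTORY = """host,product,version
pc-01,7-Zip 16.00 (x64),16.00
pc-02,7-Zip 18.01 (x64),18.01
pc-03,7-Zip 9.20,9.20
pc-04,7-Zip 17.01 beta (x64),17.01 beta
pc-05,7-Zip 18.05 (x64),18.05.00.0
pc-06,Notepad++,7.5.4
pc-07,7-Zip,unknown
"""


def parse_version(text):
    """Return (major, minor) from '16.00', '17.01 beta', '18.05.00.0', else None."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def audit(inventory_csv, fixed=FIXED):
    """Return (host, version, status) for every 7-Zip row in the inventory."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["product"].lower().startswith("7-zip"):
            continue
        ver = parse_version(row["version"])
        if ver is None:
            status = "UNKNOWN"   # needs manual review; never report as up to date
        elif ver < fixed:        # tuple compare: as strings, "9.20" sorts after "18.01"
            status = "OUTDATED"
        else:
            status = "OK"
        findings.append((row["host"], row["version"], status))
    return findings


if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {version:12} {status}")
```
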

3  Comments on this Post

  • Mina361
    I will be glad if I get in touch with it
  • ToddN2000
    Thanks for passing that piece of info along Ed.
  • Ed Tittel

    You're welcome, Todd. I've now got NoMiner or MinerBlock installed in of the browsers I use regularly. No telling when the antimalware packages will get around to including this kind of coverage in their offerings.

    --Ed--

