7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now

Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Apr 24, 2016
7,750
6
81,461
8,389
54
The Netherlands
Content source
https://www.bleepingcomputer.com/news/security/7-zip-fixes-bug-that-bypasses-the-windows-motw-security-mechanism-patch-now/
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives.

7-Zip added support for MotW in June 2022, starting with version 22.00. Since then, it has automatically added MotW flags (special 'Zone.Id' alternate data streams) to all files extracted from downloaded archives.

This flag informs the operating system, web browsers, and other applications that files may come from untrusted sources and should be treated with caution.
Click to expand...
Luckily, 7-Zip developer Igor Pavlov has already patched this vulnerability on November 30, 2024, with the release of 7-Zip 24.09.

"7-Zip File Manager didn't propagate Zone.Identifier stream for extracted files from nested archives (if there is open archive inside another open archive)," Pavlov said.
Click to expand...
www.bleepingcomputer.com

7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now

A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives.
www.bleepingcomputer.com www.bleepingcomputer.com
malwaretips.com

New Update - 7-Zip Stable and Beta version - Updates Thread

What's new after 7-Zip 22.01: 7-Zip now can use new ARM64 filter for compression to 7z and xz archives. ARM64 filter can increase compression ratio for data containing executable files compiled for ARM64 (AArch64) architecture. Also 7-Zip now parses executable files (that have exe and dll...
malwaretips.com malwaretips.com
Looking at other archive software that use 7-Zip, like for example NanaZip, that uses 7-Zip 24.09 only in the latest preview version and not in the stable version yet.
malwaretips.com

New Update - NanaZip

NanaZip is an open source file archiver intended for the modern Windows experience, forked from the source code of well-known open source file archiver 7-Zip. https://github.com/M2Team/NanaZip
malwaretips.com malwaretips.com
So, be aware, that other archivers/software can have the same vulnerability.
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: Berny, Jonny Quest, Adrian Ścibor and 7 others
You must log in or register to reply here.

You may also like...