Security News 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now

Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,601
Content source
https://www.bleepingcomputer.com/news/security/7-zip-fixes-bug-that-bypasses-the-windows-motw-security-mechanism-patch-now/
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives.

7-Zip added support for MotW in June 2022, starting with version 22.00. Since then, it has automatically added MotW flags (special 'Zone.Id' alternate data streams) to all files extracted from downloaded archives.

This flag informs the operating system, web browsers, and other applications that files may come from untrusted sources and should be treated with caution.
Click to expand...
Luckily, 7-Zip developer Igor Pavlov has already patched this vulnerability on November 30, 2024, with the release of 7-Zip 24.09.

"7-Zip File Manager didn't propagate Zone.Identifier stream for extracted files from nested archives (if there is open archive inside another open archive)," Pavlov said.
Click to expand...
www.bleepingcomputer.com

7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now

A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives.
www.bleepingcomputer.com www.bleepingcomputer.com
malwaretips.com

New Update - 7-Zip Stable and Beta version

What's new after 7-Zip 22.01: 7-Zip now can use new ARM64 filter for compression to 7z and xz archives. ARM64 filter can increase compression ratio for data containing executable files compiled for ARM64 (AArch64) architecture. Also 7-Zip now parses executable files (that have exe and dll...
malwaretips.com malwaretips.com
Looking at other archive software that use 7-Zip, like for example NanaZip, that uses 7-Zip 24.09 only in the latest preview version and not in the stable version yet.
malwaretips.com

New Update - NanaZip

NanaZip is an open source file archiver intended for the modern Windows experience, forked from the source code of well-known open source file archiver 7-Zip. https://github.com/M2Team/NanaZip
malwaretips.com malwaretips.com
So, be aware, that other archivers/software can have the same vulnerability.
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: Berny, Jonny Quest, Adrian Ścibor and 7 others

Similar threads

Gandalf_The_Grey
    • Like
Security News 7-Zip MotW bypass exploited in zero-day attacks against Ukraine
Replies
1
Views
328
Security News
Andy Ful
Andy Ful
Gandalf_The_Grey
    • Like
    • +Reputation
Security News New attack uses MSC files and Windows XSS flaw to breach networks
Replies
1
Views
3,080
Security News
NoVirusThanks
NoVirusThanks
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Replies
2
Views
312
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top