
Update 7-ZIP to 18.01 NOW

You might not think that a compression tool like 7-Zip could pose security problems for Windows. If so, you’d be wrong. I just learned — courtesy of a January 31 post from Woody Leonhard — that older versions of the program are vulnerable. Vulnerable as in having been issued CVE-2017-17969 for buffer overflow attack potential. This leaves PCs open to denial of service attacks (not so good) or the ability to “potentially execute arbitrary code via a crafted ZIP archive” (BAD). That’s why you want to jump up to Igor Pavlov’s 7-Zip page, grab a new copy, and install it right away. As the blog post title proclaims, you should “Update 7-zip to 18.01 NOW!!”


You want to get to version 18.01 (released Jan 18, 2018) or higher, ASAP!!

More About Update 7-ZIP to 18.01 NOW

This comes with one gotcha. Courtesy of its tight integration with File Explorer (7-Zip installs multiple shell extensions by default) you’ll have to reboot PCs once the update has been applied. OTOH, because there still aren’t any known exploits (none that I can find, anyway), you could wait until your next code refresh if you wanted to take a chance. I’m not sure that’s a good idea, though: I just upgraded all my copies of 7-Zip. Woody seems plenty insistent that you wanted to do this on January 30, when he issued his warning. It sure hasn’t gotten any safer in the meantime, either.

I feel strongly enough about this, in fact, that I just opened Secunia PSI to check 7-zip status therein. Sure enough, it shows the older 16.0 version of 7-Zip as “Up-to-date.” By extension that means they think it’s still safe. I’m writing them an e-mail now to inform them otherwise. I’ll also be observing that I kind of expect to hear about this kind of stuff from them via their software, rather than the other way ’round. Wonder if that’ll spur a reaction. If it doesn’t I’m going to have to find a replacement for Secunia PSI. Sigh.


I thought the whole reason I use Secunia PSI is to have it warn me about stuff like this?
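Since a patch-status tool can report an old build as current, the installed version can be checked directly. The PowerShell below is an added example, not part of the original post; it assumes 7-Zip was installed with its regular installer and therefore appears under the standard Windows Uninstall registry keys (portable copies will not be found).

```powershell
# Added example: list registered 7-Zip installs and flag any older than 18.01.
# Assumption: 7-Zip is registered under the standard "Uninstall" registry keys.
$minimum = [version]'18.01'

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SevenZipStatus {
    param([version]$Minimum)

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '7-Zip*' } |
        ForEach-Object {
            # DisplayVersion may carry a suffix such as " beta"; keep the numeric part.
            $installed = $null
            if ("$($_.DisplayVersion)" -match '^\d+(\.\d+){1,3}') {
                $installed = [version]$Matches[0]
            }
            [pscustomobject]@{
                Name        = $_.DisplayName
                Version     = $_.DisplayVersion
                Location    = $_.InstallLocation
                # An unreadable version is treated as needing attention.
                NeedsUpdate = ($null -eq $installed) -or ($installed -lt $Minimum)
            }
        }
}

$results = @(Get-SevenZipStatus -Minimum $minimum)
if ($results.Count -eq 0) {
    Write-Output 'No registered 7-Zip installation found.'
} else {
    $results | Format-Table -AutoSize
    if ($results | Where-Object NeedsUpdate) {
        Write-Warning '7-Zip older than 18.01 is installed; update it and plan for the reboot.'
    }
}
```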


I will be glad if I get in touch with it
Thanks for passing that piece of info along Ed.

You're welcome, Todd. I've now got NoMiner or MinerBlock installed in of the browsers I use regularly. No telling when the antimalware packages will get around to including this kind of coverage in their offerings.

--Ed--
