
Update 7-ZIP to 18.01 NOW

You might not think that a compression tool like 7-Zip could pose security problems for Windows. If so, you’d be wrong. I just learned — courtesy of a January 31 post from Woody Leonhard — that older versions of the program are vulnerable. Vulnerable as in having been issued CVE-2017-17969 for buffer overflow attack potential. This leaves PCs open to denial of service attacks (not so good) or the ability to “potentially execute arbitrary code via a crafted ZIP archive” (BAD). That’s why you want to jump up to Igor Pavlov’s 7-Zip page, grab a new copy, and install it right away. As the blog post title proclaims, you should “Update 7-zip to 18.01 NOW!!”

You want to get to version 18.01 (released Jan 18, 2018) or higher, ASAP!!

More About Update 7-ZIP to 18.01 NOW

This comes with one gotcha. Courtesy of its tight integration with File Explorer (7-Zip installs multiple shell extensions by default) you’ll have to reboot PCs once the update has been applied. OTOH, because there still aren’t any known exploits (none that I can find, anyway), you could wait until your next code refresh if you wanted to take a chance. I’m not sure that’s a good idea, though: I just upgraded all my copies of 7-Zip. Woody seems plenty insistent that you wanted to do this on January 30, when he issued his warning. It sure hasn’t gotten any safer in the meantime, either.

I feel strongly enough about this, in fact, that I just opened Secunia PSI to check 7-Zip status therein. Sure enough, it shows the older 16.0 version of 7-Zip as “Up-to-date.” By extension, that means they think it’s still safe. I’m writing them an e-mail now to inform them otherwise. I’ll also be observing that I kind of expect to hear about this kind of stuff from them via their software, rather than the other way ’round. Wonder if that’ll spur a reaction. If it doesn’t, I’m going to have to find a replacement for Secunia PSI. Sigh.

I thought the whole reason I use Secunia PSI is to have it warn me about stuff like this?

1 comment

7-Zip is a file manager and compression and decompression utility like WinRAR, from Igor Pavlov. It has a high compression ratio in 7z format with LZMA and LZMA2 compression, a simple and basic user interface and, most importantly, it is free.