Critical 7-Zip Vulnerabilities Put Windows PCs‍ at Risk ‌- Update Now!

October 11, 2023 – Millions‍ of Windows users are unknowingly vulnerable to ‍potential cyberattacks due to recently disclosed ‌security flaws in the popular file compression utility, 7-Zip.Two high-severity vulnerabilities, scoring a 7 out of 10 ⁢on the⁣ CVSS scale, could allow ⁣malicious archives to “escape” ⁣designated recovery folders and write ‍files to⁣ sensitive system locations, potentially compromising system‍ functionality.

The‍ vulnerabilities were initially patched by 7-Zip developer ‌ Igor Pavlov on⁤ July 5th, 2023, with the release of version 25.00. However, the public disclosure of the issue didn’t occur‌ until October 7th, 2023, leaving a⁤ notable window of chance for attackers. A‌ key factor exacerbating the risk is 7-Zip’s lack of an automatic update mechanism, meaning many installations remain unprotected.

The vulnerabilities exploit how 7-zip handles symbolic links (also known as symlinks), special files that⁤ act as​ shortcuts.A crafted archive can leverage these links to‌ bypass security‌ measures and gain unauthorized access.‌

“A malicious archive can thus ‘escape’ the⁣ recovery folder and write files to sensitive ⁣system roads, with the ​possibility of changing and compromising the⁢ window’s function, at least potentially,”‌ the⁤ security advisory explains.

This isn’t the frist time⁢ 7-zip‍ has faced security scrutiny.Earlier in 2023,⁢ another vulnerability, CVE-2023-0411, was discovered that‌ allowed bypassing Windows’⁢ Mark-of-the-Web security feature, which flags downloaded files as potentially hazardous. That issue was also resolved ‌with a subsequent ​version update (24.09).

How to Protect Your windows PC: Update 7-Zip Instantly

Users running versions of 7-Zip prior ⁢to 25.00 are urged to update immediately. Here’s how:

1. Close 7-Zip: Ensure the application is not running to avoid conflicts during the update process.
2. Visit the Official⁤ Download Page: Go⁣ to https://www.7-zip.org/.
3. download the Correct Version: Click the Download link corresponding to your operating ⁣system: 64-bit Windows X64 ‌for most modern systems, ⁢ 32-bit Windows X86,⁢ etc.
4. Scan the Downloaded File: For added security, perform a fast antivirus scan of the downloaded installation file.
5. Run the Installer: Double-click the ⁢ .exe file and grant administrator permissions when prompted.
6. Install and Close: The setup program​ will ‍detect the previous version ⁤and​ offer to update while preserving existing ‌settings.‌ Click Install > Close.
7. Verify the Update: Restart 7-zip and ⁣confirm the update by navigating to ‍ Help‌ > ‌About 7-Zip. the version number should now ⁢display 25.01.

While ⁢version 25.01 also includes bug fixes and improvements related to ⁤archive handling, the primary reason to update is ⁤to mitigate these critical security vulnerabilities. ⁣Given the potential for exploitation, prompt⁤ action is essential ‍to safeguard your ⁢Windows PC.