Late final year, landave, a self-described “Computer Science tyro enjoying cryptography, retreat engineering, and other information confidence topics,” detected dual startling confidence holes in 7-Zip, a giveaway zip module I’ve recommended for years.
Bottom line: If we haven’t updated 7-Zip in a past few days, get off your tail and do it now.
The bugs are pointed and, as best as we can tell, have never been leveraged in a wild. But that’s going to change as landave’s research reaches a mainstream.
Details of a bugs have to do with 7-Zip memory corruption, done worse by not using ASLR and DEP, and a store aegis crawl in a cringe routine. Landave practical for, and received, a MITRE number for a latter, CVE-2017-17969.
There’s been a lot of behind and forth about a bugs, though a upshot is that 7-Zip’s creator, Igor Pavlov, expelled a new chronicle of 7-Zip, chronicle 18.01, on Jan. 28. That’s a chronicle we need.
If we use 7-Zip, we can see that chronicle you’re using by starting 7-Zip and clicking on Help About 7-Zip. If we have a chronicle before to 18.01, get a new one. Now.
Updating 7-Zip couldn’t be simpler.
Step 1. Go to a central 7-Zip page and click a couple to download possibly a 32-bit or 64-bit version.
Step 2. Right-click on a 7z1801-x64.exe file, and select Run as administrator. If we get a “Windows stable your PC” summary from SmartScreen, fuss an suitable epithet, click a couple for “More information,” afterwards click “Run anyway.”
Step 3. Click approbation on a User Account Control prompt, select a end folder, let a installer run, and reboot your computer.
7-Zip has a lot of good features. Don’t let it punch you.
Thx to Günter Born
(P.S. Not certain where landave goes to school, though he only published a PhD-worthy dissertation.)
Join us for one-year birthday libations on a AskWoody Lounge.