Update 7-ZIP to 18.01 NOW
You might not think that a compression tool like 7-Zip could pose security problems for Windows. If so, you’d be wrong. I just learned — courtesy of a January 31 post from Woody Leonhard — that older versions of the program are vulnerable. Vulnerable as in having been issued CVE-2017-17969 for buffer overflow attack potential. This leaves PCs open to denial of service attacks (not so good) or the ability to “potentially execute arbitrary code via a crafted ZIP archive” (BAD). That’s why you want to jump up to Igor Pavlov’s 7-Zip page, grab a new copy, and install it right away. As the blog post title proclaims, you should “Update 7-zip to 18.01 NOW!!”



You want to get to version 18.01 (released Jan 18, 2018) or higher, ASAP!!
More About Update 7-ZIP to 18.01 NOW
This comes with one gotcha. Courtesy of its tight integration with File Explorer (7-Zip installs multiple shell extensions by default) you’ll have to reboot PCs once the update has been applied. OTOH, because there still aren’t any known exploits (none that I can find, anyway), you could wait until your next code refresh if you wanted to take a chance. I’m not sure that’s a good idea, though: I just upgraded all my copies of 7-Zip. Woody seems plenty insistent that you wanted to do this on January 30, when he issued his warning. It sure hasn’t gotten any safer in the meantime, either.
I feel strongly enough about this, in fact, that I just opened Secunia PSI to check 7-Zip status therein. Sure enough, it shows the older 16.0 version of 7-Zip as “Up-to-date.” By extension that means they think it’s still safe. I’m writing them an e-mail now to inform them otherwise. I’ll also be observing that I kind of expect to hear about this kind of stuff from them via their software, rather than the other way ’round. Wonder if that’ll spur a reaction. If it doesn’t, I’m going to have to find a replacement for Secunia PSI. Sigh.
I thought the whole reason I use Secunia PSI is to have it warn me about stuff like this?
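Since a patch scanner can report an old 7-Zip as current, here is a quick independent check, added as an example and not taken from Woody's post or the 7-Zip project. It assumes the installer registered 7-Zip under the standard Windows Uninstall registry keys and compares each entry's DisplayVersion against 18.01.

```powershell
# Added example: flag registered 7-Zip installs older than 18.01,
# the minimum version this post says to reach.
# Assumption: 7-Zip was installed with its installer, so it appears under
# the standard Windows Uninstall keys (64-bit, 32-bit and per-user views).
$minimum = [version]'18.01'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect every uninstall entry whose display name starts with "7-Zip".
$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.PSObject.Properties['DisplayName'] -and $_.DisplayName -like '7-Zip*' }

$report = foreach ($entry in $found) {
    $parsed = $null
    # A missing or non-numeric DisplayVersion is reported as UNKNOWN, never as OK.
    $ok = [version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)
    [pscustomobject]@{
        Name    = $entry.DisplayName
        Version = $entry.DisplayVersion
        Status  = if (-not $ok) { 'UNKNOWN' } elseif ($parsed -lt $minimum) { 'UPDATE' } else { 'OK' }
        Key     = $entry.PSPath
    }
}

if (-not $report) {
    Write-Output 'No 7-Zip installation registered on this machine.'
} else {
    $report | Format-Table -AutoSize
}
```

Copies of 7-Zip that were unpacked by hand rather than installed leave no Uninstall entry, so this check will not see them.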