Blog

Alert: Users of 7-Zip Should Immediately Upgrade to the Latest Version

b2ap3_thumbnail_7zip_vulnerability_400.jpgOne of the latest vulnerabilities in open-source software can be found in 7zip, a file archiver and decompresser. 7zip has been found to have several security vulnerabilities which have software developers rushing to fix their products. The damage done extends far beyond 7zip, reaching both people who use 7zip itself, and developers who have used the technology in the creation of their own tools and software.


There are two vulnerabilities, which were discovered by Cisco’s Security Intelligence and Research Group, Talos. In particular, the security report focuses on the fact that these types of vulnerabilities most drastically affect antivirus software programs and others which host compressed or encrypted files. The real issue that comes from these 7zip vulnerabilities is how widespread the software is used; for example, many companies may be using software which supports 7zip without realizing it.

ZDNet explains in full detail:

  • “The first vulnerability, CVE-2016-2335, is an out-of-bounds security flaw caused by the way 7zip handles Universal Disk Format (UDF) files. When partition maps are scanned to find objects within the file system, there is a lack of proper checking which can cause a read-out-of-bounds problem. If exploited, cyber attackers could use the vulnerability to execute code remotely.”
  • “The second security flaw, CVE-2016-2234, is an exploitable heap overflow vulnerability found within the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip. In the software's HFS+ system, files can be stored in a compressed format using zlib, and depending on the size of the data, this information may be stored in blocks.”

In Simple English: These recently discovered vulnerabilities could be executed by hackers to gain control over your device and data.

Also of note is that this technology should be a reminder of what happens when an open-source software that’s used in many places across the Internet becomes vulnerable. While it’s definitely not as scary as Heartbleed, the vulnerability in OpenSSL that struck in April of 2014 that allowed for the theft of encrypted information, these vulnerabilities in 7zip could have been much worse.

Thanks to the efforts of Talos and the 7zip developers, the vulnerabilities have been patched and are available in the latest version of 7zip, V.16.00. Keep in mind that previous versions are still vulnerable to the aforementioned issues and should be updated as soon as possible. This also goes for any software that your company uses that takes advantage of 7zip.

For more information on the latest security vulnerabilities, as well as information on how to protect your organization from potential threats, reach out to us at 603-889-0800.

By accepting you will be accessing a service provided by a third-party external to https://www.whitemtn.com/

Related Posts

Cybersecurity has changed considerably since 2017, and any business that wants to survive in the evolving online environment needs to consider how they are protecting their assets. We want to take a look at precisely how cybersecurity has changed sin...
Security is one of the most important parts of running a business, especially today when organizations rely so heavily on their technology solutions. Some of the most dangerous threats lurk on a business’s network, watching and waiting for an opportu...
If you are one of the many small businesses out there that does not have reliable technical support for the myriad of devices on your network, it might be difficult to imagine a world where your technology gets the maintenance it needs to thrive. Tha...
All business owners should be aware of which Microsoft products they use. It’s one of the many complex and confusing parts of managing your technology. Of course, all great things must eventually come to an end, and the same applies to your mission-c...
Cybersecurity is one of the most talked about problems facing the modern business. This is because cybercrime has increased precipitously while businesses have moved more of their processes onto the computer. Planning how to protect your business’ cr...
We always picture hackers as these foreboding, black-clad criminals, smirking through the shadows cast in their dark room by their computer monitor. Hardened, uncaring individuals who don’t go outside very often, staring at code as if they were able ...
Even the most innocent Internet user can fall victim to the stray hacking attack, and it’s all thanks to the manner in which malware reverse-engineers software. This process is how a hacker finds vulnerabilities in software. However, a new security c...
Databases are exceptionally useful for allowing access to important data, but they by default expose data to risks depending on how they are stored. If a database is stored in the cloud, for example, it could potentially be exposed to threats that pu...
Security has never been easy for any business that deals with sensitive information. Nowadays, even a small business that uses an Internet connection has to worry about hackers and malware of all types. This is especially problematic for small health...
The online world is a scary place. Viruses, malware, spyware, adware, and more are all out there trying to get at your network. These threats are almost always prevalent, but compared to each other, some are vastly superior and far more dangerous and...
It doesn’t matter if you are a small locally-owned business or a larger-scale enterprise. Network security is equally important, as all businesses by default collect valuable information for hackers. It makes sense to protect your valuable assets, an...
For many Windows users, the fact that Microsoft is issuing Windows 10 incrementally came as a shock for those who patiently waited for its release date. While users wait, however, hackers are taking advantage of those who are less patient by creating...

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our offices in NH.  We will manage a local vendor for locations outside of our service area to provide onsite assistance when needed.

 

Onsite Computer Support Services are available to businesses within 60 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

White Mountain IT Services


33 Main Street, Suite 302
Nashua, NH 03064

 


121 Riverfront Drive
Manchester, NH 03102

603-889-0800

Open Positions