Vulnerability Management

High-Severity 7-Zip Bug Evades Windows MotW Warnings

(Microsoft)

Widely-used open-source file archiver tool 7-Zip was disclosed by Trend Micro to be impacted by now-addressed high-severity flaws that attackers could leverage to evade Windows Mark of the Web (MotW) security defenses that could lead to malware deployment, SC Media reports.

With 7-Zip lacking automatic updating mechanisms, manual installation of 7-Zip version 24.09 has been recommended to remediate the security issue, which prevents MotW flagging of malicious downloaded files.

Such a development comes amid the increasing prevalence of vulnerabilities circumventing MotW warnings, including a Windows bug that hindered MotW labeling for files obtained from internet-downloaded ZIP archives, which had been addressed in an unofficial fix from 0patch.

Another Microsoft issue foiling security warnings for files with atypical Authenticode signatures, which had been leveraged in a Magniber ransomware campaign, had also been remediated by 0patch.

You can skip this ad in 5 seconds

Cookies

This website uses cookies to improve your experience, provide social media features and deliver advertising offers that are relevant to you.

If you continue without changing your settings, you consent to our use of cookies in accordance with our privacy policy. You may disable cookies.