Widely-used open-source file archiver tool 7-Zip was disclosed by Trend Micro to be impacted by now-addressed high-severity flaws that attackers could leverage to evade Windows Mark of the Web (MotW) security defenses that could lead to malware deployment, SC Media reports.
With 7-Zip lacking automatic updating mechanisms, manual installation of 7-Zip version 24.09 has been recommended to remediate the security issue, which prevents MotW flagging of malicious downloaded files.
Such a development comes amid the increasing prevalence of vulnerabilities circumventing MotW warnings, including a Windows bug that hindered MotW labeling for files obtained from internet-downloaded ZIP archives, which had been addressed in an unofficial fix from 0patch.
Another Microsoft issue foiling security warnings for files with atypical Authenticode signatures, which had been leveraged in a Magniber ransomware campaign, had also been remediated by 0patch.
