7-Zip bug could allow a bypass of a Windows security feature – update now


A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows.

The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices. 7-Zip added support for MotW in June 2022. The MotW also makes sure that Office documents that are marked with the MotW will be opened in Protected View, which automatically enables read-only mode and means that all macros will be disabled until the user allows them.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter


Related:

  • Ivanti Releases February 2025 Security Updates

    February 12, 2025

    Ivanti has released three security advisories in the February Security Update, which addresses vulnerabilities in Ivanti products. In the first advisory, two vulnerabilities were identified in Ivanti Cloud Services Application (CSA). The Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet. It falls under the primary product of Ivanti Endpoint ...

  • SonicOS SSL VPN Authentication Bypass Vulnerability (CVE-2024-53704)

    February 12, 2025

    A proof-of-concept (PoC) exploit has been published by security researchers for an authentication bypass vulnerability in the SonicOS SSL VPN component. SonicWall appliances provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. SonicWall formally disclosed and released security updates addressing CVE-2024-53704 on 07 January 2025. Successful exploitation of CVE-2024-53704 could allow a remote, unauthenticated attacker to ...

  • Apple fixes iPhone and iPad bug used in an ‘extremely sophisticated attack’

    February 10, 2025

    On Monday, Apple released updates for its mobile operating systems for iOS and iPadOS, which fixed a flaw that the company said “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” In the release notes for iOS 18.3.1 and iPadOS 18.3.1, the company said the vulnerability allowed the disabling of USB Restricted ...

  • U.K. orders Apple to let it spy on users’ encrypted accounts

    February 7, 2025

    Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post. The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not ...

  • Cisco Releases Security Advisories for Multiple Products

    February 6, 2025

    Cisco has released nine security advisories addressing multiple vulnerabilities, including one critical and two high severity advisories affecting Cisco Identity Services Engine (ISE), Cisco NX-OS, Cisco Expressway, Cisco IOS, Cisco IOS XE, Cisco IOS XR, Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance. The critical vulnerability affects Cisco ISE and Cisco ISE ...

  • Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers

    February 5, 2025

    Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers. Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, ...