7-ZIP Vulnerability

20 April, 2022

A vulnerability was recently detected in 7-Zip, and there is currently no patch for it. However, there is a way to mitigate it in the meantime.

It involves deleting the file "7-Zip.chm".

Please refer to the below URL for more details:

Reference Articles

https://www.ghacks.net/2022/04/18/workaround-for-security-issue-in-7-zip-until-it-is-fixed/ 

Recommended Action

We’ve written a script to identify and delete any file named 7-Zip.chm. We recommend running it on all machines in your environment over the next few days, effective in the next hour.

Procedure name: "7Zip Vulnerability Scan and Report to GetFile". It finds any 7-Zip file vulnerabilities, updates the custom field with the results, captures the results and also reports them to GetFiles, and deletes any file named "7-Zip.chm".

In an extended version, it can collate the results exported from multiple machines into a common CSV file, giving a single report of the vulnerability across all the machines the procedure is run against.

Once remediated, it will update the custom field with the details.

If the script is blocked by AV, it will write "Log Missing" to the custom field (CF). The script, log, data, and report are on each machine at our standard logging location.
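
The find, delete and report steps described above, as an added PowerShell example (not the procedure named on this page). The search roots, the report path and the CSV column names are assumptions.

```powershell
# Added example, not the procedure referenced on this page.
# Run with -WhatIf to list matches without deleting anything.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: default 7-Zip install locations. Pass drive roots (e.g. 'C:\')
    # to also catch portable copies elsewhere on disk.
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
    # Placeholder report path; substitute your own logging location.
    [string]$ReportPath = "$env:ProgramData\ExampleLogs\7zip-chm-report.csv"
)

# Drop empty, missing and duplicate roots (ProgramFiles(x86) is unset on 32-bit Windows).
$roots = $SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$results = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter '7-Zip.chm' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file   = $_            # keep the file; $_ is the error record inside catch
            $status = 'Found'
            $detail = ''
            if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
                try {
                    Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
                    $status = 'Deleted'
                } catch {
                    $status = 'DeleteFailed'
                    $detail = $_.Exception.Message
                }
            }
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Path     = $file.FullName
                Status   = $status
                Detail   = $detail
                Time     = (Get-Date -Format o)
            }
        }
}

# Always emit one row per machine so a clean host is distinguishable from a host never scanned.
if (-not $results) {
    $results = [pscustomobject]@{ Computer = $env:COMPUTERNAME; Path = ''; Status = 'NotFound'
                                  Detail = ''; Time = (Get-Date -Format o) }
}

# Write the report even during a -WhatIf dry run.
New-Item -ItemType Directory -Path (Split-Path -Parent $ReportPath) -Force -WhatIf:$false | Out-Null
$results | Export-Csv -LiteralPath $ReportPath -NoTypeInformation -Append -WhatIf:$false
$results
```

Because every row carries the computer name, the per-machine CSV files can be concatenated into one report without further processing.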

Known Issues

No issues were reported.