7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now – BleepingComputer
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives.

7-Zip added support for MotW in June 2022, starting with version 22.00. Since then, it has automatically added MotW flags (special 'Zone.Identifier' alternate data streams) to all files extracted from downloaded archives.

This flag informs the operating system, web browsers, and other applications that files may come from untrusted sources and should be treated with caution.

As a result, when double-clicking risky files extracted using 7-Zip, users will be warned that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices.

Microsoft Office will also check for the MotW flags, and if found, it will open documents in Protected View, which automatically enables read-only mode and disables all macros.

However, as Trend Micro explained in an advisory published over the weekend, a security flaw tracked as CVE-2025-0411 can let attackers bypass these security warnings and execute malicious code on their targets' PCs.

"This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file," Trend Micro says.

"The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user."

Luckily, 7-Zip developer Igor Pavlov has already patched this vulnerability on November 30, 2024, with the release of 7-Zip 24.09.

"7-Zip File Manager didn't propagate Zone.Identifier stream for extracted files from nested archives (if there is open archive inside another open archive)," Pavlov said.

However, since 7-Zip doesn't have an auto-update feature, many users are likely still running a vulnerable version that threat actors could exploit to infect them with malware.

All 7-Zip users should patch their installs as soon as possible, considering that such vulnerabilities are often exploited in malware attacks.

For instance, in June, Microsoft addressed a Mark of the Web security bypass vulnerability (CVE-2024-38213) that DarkGate malware operators have exploited in the wild as a zero-day since March 2024 to circumvent SmartScreen protection and install malware camouflaged as installers for Apple iTunes, NVIDIA, Notion, and other legitimate software.

The financially motivated Water Hydra (aka DarkCasino) hacking group has also exploited another MotW bypass (CVE-2024-21412) in attacks targeting stock trading Telegram channels and forex trading forums with the DarkMe remote access trojan (RAT).

Comments

Thank you….

I hate the "Mark of the Web" security warnings. I feel that they do nothing useful, and only train users to click whatever will allow them to continue what they are doing without reading or taking the time to understand what is going on.

Literally NOTHING matters in that aspect for users.
I've seen dozens of systems with different types of warnings, and still, users click without reading or giving it a thought.

That said, I really hope MS greenlights the password/PIN requirement to run as admin that is rolling out on insiders rn. That, if nothing else, will have some impact.

I doubt that requiring people to enter their password/PIN more frequently will do anything more than annoy people. What we'll see is thousands of hits on articles/videos telling people how to turn it off.

7Zip is terrible.
This is what? The 10th critical 0-day in 2 years?
It has no 'auto-update' feature, so every regular user that installed this will always be vulnerable.
Stick to WinRAR; there's a reason it's the only compression ever used by 'pirates'/piracy.

Pirates aren't known for good security. Rather, they're known for being frequent victims of the "STOP" ransomware. I can't even begin to guess how many hundreds of them I had to try to help back in the day (or rather had to tell their files were unrecoverable due to the encryption).

Copyright @ 2003 – 2025 Bleeping Computer® LLC – All Rights Reserved