Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: 7-Zip Software Can Leave Your System Vulnerable

Alert: 7-Zip Software Can Leave Your System Vulnerable

Software vulnerabilities can cause major issues for individuals and businesses. Cisco’s Talos Security Intelligence and Research Group, which is designed as an organization to “protect consumers from known and emerging threats,” has found such a vulnerability with 7zip.

The 7zip software is an open-sourced file archiver and decompressor, and has many software developers scrambling to patch their products. Since 7zip is freeware, it is naturally used in the development of other applications’ code; and that is making this particular vulnerability more than your run-of-the-mill code malfunction. Currently there are two discovered vulnerabilities with the software. ZDNet explains the issues in stark detail:

  • “The first vulnerability, CVE-2016-2335, is an out-of-bounds security flaw caused by the way 7zip handles Universal Disk Format (UDF) files. When partition maps are scanned to find objects within the file system, there is a lack of proper checking which can cause a read-out-of-bounds problem. If exploited, cyberattackers could use the vulnerability to execute code remotely.”
  • “The second security flaw, CVE-2016-2234 , is an exploitable heap overflow vulnerability found within the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip. In the software's HFS+ system, files can be stored in a compressed format using zlib, and depending on the size of the data, this information may be stored in blocks.”

In layman’s terms, the vulnerabilities affected the way that many programs utilizing 7zip function. In particular, software programs like antivirus solutions are affected. The vulnerabilities change the way that files are compressed and decrypted; and, since the 7zip code was used as a part of so many other pieces of software, the opportunities are real and prevalent. While this vulnerability may not present network administrators with as much fear as 2014’s Heartbleed vulnerability, the potential for data and network breaches is concerning.

Working with Talos, the 7zip developers have patched the problems, with their latest offering, 7zip v. 16.00, being free of these vulnerabilities. Any other version of the software needs to be updated immediately to ensure that users are not subject to data breaches as a result of this vulnerability. Any other software that has the 7zip code needs to be patched as well.

For more information on the latest security vulnerabilities, as well as information on how to protect your organization from potential threats, call us today at 866-348-2602.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 25 December 2024
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Business Google Network Security Microsoft Internet Email Malware Workplace Tips Backup Innovation Data User Tips Computer Mobile Devices Hardware IT Services Android VoIP Disaster Recovery communications Business Continuity IT Support Smartphones Communication Smartphone Miscellaneous Mobile Device Small Business Network Browser Productivity Collaboration Quick Tips Cybersecurity Users Business Management Managed IT Services Upgrade Phishing Windows Outsourced IT Ransomware Data Backup Windows 10 Office Data Recovery Server Save Money Cloud Computing Windows 10 Passwords Saving Money Holiday Gadgets Chrome Social Media Virtualization Tech Term Managed IT Services Automation Microsoft Office Managed Service Operating System Facebook Artificial Intelligence Cybercrime Computers BYOD Mobile Device Management Networking IT Support Internet of Things Hacking Wi-Fi Health Spam Office 365 Covid-19 Telephone Systems Managed Service Provider Information Information Technology Alert Remote Bandwidth Router BDR Social Engineering Mobility Recovery Employer-Employee Relationship Encryption Application Remote Monitoring Applications Data Breach Law Enforcement App History Big Data Password Human Resources Money Mobile Computing Data Storage Patch Management Mobile Office Government Blockchain Paperless Office Office Tips Training Private Cloud VPN Managed IT How To Apps Remote Computing Website Budget Mouse HaaS Vulnerability Google Drive Windows 7 Word Avoiding Downtime Servers Wireless Gmail Data Security Settings Infrastructure Flexibility Voice over Internet Protocol Bring Your Own Device Data Management Marketing Work/Life Balance WiFi Two-factor Authentication IT solutions Entertainment End of Support Social Data Protection USB Education Physical Security Conferencing User Error Safety Vendor Scam Sports Meetings HIPAA Redundancy Managed Services Keyboard Display Risk Management Hacker Vendor Management Staff Employee/Employer Relationship Software as a Service Telephone System Machine Learning RMM The Internet of Things Lithium-ion battery Connectivity Remote Work Save Time Firewall Cleaning Virtual Reality Apple Help Desk Shadow IT Cryptocurrency Network Congestion eWaste Printing Legal Internet Exlporer Comparison IT Consultant Business Intelligence Managed Services Provider CES PDF Wearable Technology Audit Database Worker Retail IT Management Humor Hard Drives Content Management Instant Messaging Proactive IT Business Technology Remote Workers Botnet Access Control Robot Excel Best Practice IT Plan Processor Biometrics YouTube Virtual Assistant Authentication Virtual Desktop Black Market Unsupported Software Hard Drive DDoS Charger Document Management Computing Solid State Drive Update Compliance Wireless Technology SharePoint OneNote How to Computer Care Downtime Current Events Telephony Virus Google Docs Customer Service Identity Theft Samsung Data storage Unified Threat Management Automobile Environment Digital Signage Computer Accessories Fax Server Value Computing Infrastructure Spam Blocking Electronic Medical Records Going Green Augmented Reality SaaS Fraud Procurement Net Neutrality Printer Hiring/Firing Workplace Strategy Remote Worker Bluetooth Battery Bloatware webinar Emergency Employees Tip of the week Employee/Employer Relationships Audiobook Recycling Professional Services Practices Public Cloud ISP Printer Server Employer Employee Relationship Touchpad Windows 365 Wiring Video Conferencing Cache ROI Amazon Web Services Tablets Assessment Entrepreneur Shortcuts Advertising Sales Safe Mode Windows Server 2008 Bitcoin Politics Criminal GDPR Tools Personal Hosted Computing Cryptomining Point of Sale Notifications Supply Chain Management Wireless Internet Shortcut Online Shopping Television Cost Management Monitoring File Sharing Batteries Camera Digitize Inventory Social Networking Specifications Windows 8.1 Wire Windows Server 2008 R2 Evernote Public Computer Relocation Travel Transportation Customer relationships Regulations Email Best Practices Printers Running Cable IT Assessment Computer Fan Manufacturing Video Games Millennials Rootkit Smart Office Worker Commute Wireless Charging Memory Managed IT Service Experience Consultant Workers Security Cameras Benefits Computer Tips Virtual CIO Virtual Private Network OneDrive FENG Biometric Security Scalability Analytics Workforce Peripheral Business Owner Cables IBM Flash Using Data Best Available Smart Technology NarrowBand Digital Security Cameras Project Management Copiers WIndows 7 Nanotechnology 5G Search Telecommuting Science Supercomputer iPhone Quick Tip Software Tips Cortana Sync Digital Signature Emails Smartwatch Ergonomics Warranty Distributed Denial of Service Development Customer Relationship Management OLED Files PCI DSS HVAC Virtual Machine Google Apps Analyitcs Fiber Optics Analysis Programming Netflix Employee Two Factor Authentication Chromecast 2FA Administrator Messaging User Devices Root Cause Analysis Cabling PowerPoint Windows Media Player Knowledge Colocation Music Uninterrupted Power Supply Policy Enterprise Content Management HBO Hypervisor Skype Trend Micro Accountants Dark mode MSP Antivirus Microchip SMS Managing Stress Thought Leadership Data loss Default App Credit Cards Windows 8 Monitor Leadership Troubleshooting Procedure Password Management IT service Outlook Saving Time Password Manager Start Menu Shopping Google Search Cameras Multi-Factor Security dark theme Streaming Media Search Engine AI Twitter Screen Mirroring IT Infrastructure Tablet Loyalty Reputation Bing Books Tech Support FinTech NIST Domains Frequently Asked Questions Content Business Mangement Mobile Social Network Smart Tech Windows 10s Techology Trending Laptop IaaS Addiction Maintenance Cast Investment Amazon Customers

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code