Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

Alert: 7-Zip Software Can Leave Your System Vulnerable

Total Tech Care Blog
0 Comments
Alert: 7-Zip Software Can Leave Your System Vulnerable

Software vulnerabilities can cause major issues for individuals and businesses. Cisco’s Talos Security Intelligence and Research Group, which is designed as an organization to “protect consumers from known and emerging threats,” has found such a vulnerability with 7zip.

The 7zip software is an open-sourced file archiver and decompressor, and has many software developers scrambling to patch their products. Since 7zip is freeware, it is naturally used in the development of other applications’ code; and that is making this particular vulnerability more than your run-of-the-mill code malfunction. Currently there are two discovered vulnerabilities with the software. ZDNet explains the issues in stark detail:

  • “The first vulnerability, CVE-2016-2335, is an out-of-bounds security flaw caused by the way 7zip handles Universal Disk Format (UDF) files. When partition maps are scanned to find objects within the file system, there is a lack of proper checking which can cause a read-out-of-bounds problem. If exploited, cyberattackers could use the vulnerability to execute code remotely.”
  • “The second security flaw, CVE-2016-2234 , is an exploitable heap overflow vulnerability found within the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip. In the software's HFS+ system, files can be stored in a compressed format using zlib, and depending on the size of the data, this information may be stored in blocks.”

In layman’s terms, the vulnerabilities affected the way that many programs utilizing 7zip function. In particular, software programs like antivirus solutions are affected. The vulnerabilities change the way that files are compressed and decrypted; and, since the 7zip code was used as a part of so many other pieces of software, the opportunities are real and prevalent. While this vulnerability may not present network administrators with as much fear as 2014’s Heartbleed vulnerability, the potential for data and network breaches is concerning.

Working with Talos, the 7zip developers have patched the problems, with their latest offering, 7zip v. 16.00, being free of these vulnerabilities. Any other version of the software needs to be updated immediately to ensure that users are not subject to data breaches as a result of this vulnerability. Any other software that has the 7zip code needs to be patched as well.

For more information on the latest security vulnerabilities, as well as information on how to protect your organization from potential threats, call us today at 866-348-2602.

Tweet
Tags:
Security Software Alert
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 28 February 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Business Google Network Security Microsoft Internet Email Malware Backup Workplace Tips Innovation Data User Tips Computer Mobile Devices IT Services Hardware Disaster Recovery Android VoIP communications IT Support Smartphones Communication Business Continuity Smartphone Miscellaneous Mobile Device Small Business Network Browser Productivity Collaboration Quick Tips Cybersecurity Business Management Users Managed IT Services Upgrade Windows Phishing Ransomware Data Backup Outsourced IT Windows 10 Data Recovery Office Server Save Money Cloud Computing Windows 10 Passwords Virtualization Saving Money Gadgets Holiday Social Media Tech Term Chrome Managed IT Services Automation Managed Service Microsoft Office Computers Facebook Artificial Intelligence Cybercrime Operating System Internet of Things BYOD Mobile Device Management Wi-Fi Networking IT Support Health Hacking Office 365 Telephone Systems Remote Information Technology Alert Information Managed Service Provider Covid-19 Spam BDR Bandwidth Recovery Employer-Employee Relationship Social Engineering Mobility Router Mobile Computing Law Enforcement Data Breach App History Application Password Human Resources Money Big Data Encryption Applications Remote Monitoring Government Office Tips Private Cloud Training Blockchain Paperless Office Managed IT VPN How To Apps Remote Computing Mobile Office Data Storage Patch Management Marketing Windows 7 Word WiFi Avoiding Downtime IT solutions Entertainment Website Servers Budget Wireless Gmail Bring Your Own Device Data Security Settings Data Management Work/Life Balance Infrastructure Two-factor Authentication Voice over Internet Protocol Mouse HaaS Google Drive Vulnerability Flexibility Scam Risk Management Hacker Vendor Management USB The Internet of Things Lithium-ion battery Save Time Telephone System Staff Software as a Service Machine Learning Remote Work Connectivity Cleaning Firewall Vendor Managed Services Display Virtual Reality End of Support Apple Education Physical Security Social Safety Employee/Employer Relationship Sports HIPAA User Error Redundancy RMM Conferencing Data Protection Meetings Keyboard Retail Hard Drives Comparison Audit Worker Best Practice Instant Messaging YouTube Robot IT Management Excel CES Black Market Digital Signage Printer Botnet Biometrics Virtual Desktop Business Technology IT Plan Content Management Bluetooth Access Control Document Management DDoS Wireless Technology Virtual Assistant Unsupported Software Solid State Drive How to Downtime Authentication Procurement Net Neutrality Charger SharePoint Workplace Strategy IT Consultant Help Desk Compliance Data storage Printing OneNote Computer Care Automobile Humor Customer Service Current Events Update Telephony Environment Samsung Computing Infrastructure Going Green Fax Server Managed Services Provider Google Docs Identity Theft Database Value SaaS Spam Blocking Electronic Medical Records Battery Remote Workers Shadow IT Legal Augmented Reality Processor Fraud Hiring/Firing Network Congestion Internet Exlporer eWaste Remote Worker Hard Drive Virus Cryptocurrency PDF Unified Threat Management Computing Computer Accessories Proactive IT Business Intelligence Wearable Technology Video Games GDPR PCI DSS Hosted Computing Virtual Machine Fiber Optics Online Shopping Employee Worker Commute Cameras 2FA Wireless Internet File Sharing Messaging Cabling Public Computer Experience Running Cable Transportation Scalability Camera Policy Regulations Memory Inventory Hypervisor Specifications Trend Micro Computer Fan Evernote Rootkit Business Owner Dark mode Wire NarrowBand SMS Default App Travel Benefits Search Printers Procedure Saving Time Workers Millennials Smart Office Shopping FENG Wireless Charging Google Search iPhone Printer Server dark theme AI Science IT Infrastructure IBM Workforce Bing Smart Technology Virtual Private Network FinTech Flash Social Network Cables Files Distributed Denial of Service Chromecast Customer Relationship Management Software Tips Investment Supercomputer Telecommuting Project Management Employees Sync Analyitcs Nanotechnology Employee/Employer Relationships Emails Programming Cortana ISP Colocation Windows 365 Uninterrupted Power Supply Video Conferencing Digital Signature ROI Shortcuts Two Factor Authentication Monitor Warranty Sales Bitcoin Netflix HVAC Personal Root Cause Analysis Google Apps Cryptomining Antivirus Point of Sale Supply Chain Management HBO Windows 8 Analysis Knowledge Music Consultant Reputation IT service Administrator Monitoring Streaming Media Skype Devices Batteries Tech Support Enterprise Content Management Digitize Data loss Content Analytics Windows 8.1 Troubleshooting Techology Laptop MSP Outlook Tablet Accountants Windows Server 2008 R2 Leadership Credit Cards Best Available Customers Domains Microchip Customer relationships Start Menu Thought Leadership Email Best Practices Password Management IT Assessment Screen Mirroring Password Manager Manufacturing Loyalty Audiobook WIndows 7 Books IaaS Touchpad Maintenance Frequently Asked Questions Multi-Factor Security Managed IT Service Windows 10s Security Cameras Search Engine Computer Tips Mobile Bloatware Twitter Virtual CIO NIST OneDrive Cast Business Mangement Biometric Security Politics Advertising Emergency Peripheral Tip of the week Tablets Smart Tech webinar Trending Using Data Public Cloud Amazon Employer Employee Relationship Digital Security Cameras Notifications Professional Services Entrepreneur Addiction Windows Media Player Copiers Recycling 5G Assessment User PowerPoint Shortcut Wiring Quick Tip Windows Server 2008 Practices Amazon Web Services Smartwatch Relocation Ergonomics Tools Cost Management Cache Social Networking Safe Mode Development Criminal OLED Television Managing Stress

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code