🚨 SECURITY PSA - 7ZIP VULN🚨
Update your 7zip, folks
https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/
#cybersecurity #zeroday #7zip #malware #security #it #infosec
🚨 SECURITY PSA - 7ZIP VULN🚨
Update your 7zip, folks
https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/
#cybersecurity #zeroday #7zip #malware #security #it #infosec
@screaminggoat heh yeah, that was supposedly utilizing this CVE which is what led me to it.
I would normally hold off on posting something this old but 7z has no self update mechanism so people tend to run old versions :/
@[email protected] In that regard, it’s neat when software is available via winget, because that can handle pulling updates for you. “winget upgrade” will also show updates for software that was installed manually, provided it’s registered as Windows application, and in its catalog (caveat: the catalog is not necessarily complete or up to date, but Windows Store can be used as a source for more options).
winget can update everything or just a single application, like you can just do a “winget upgrade 7zip.7zip” to get the newest version that winget knows about.
@[email protected]
https://learn.microsoft.com/en-us/windows/package-manager/winget/
@[email protected] @[email protected] I’m a big Winget proponent (and chocolatey before that) and have UnigetUI running on all my windows machines for managing Winget, pip, nuget, and PowerShell packages/scripts
@[email protected] I did not know about UniGetUi - that looks super useful, thanks!
@neatchee @screaminggoat guilty as charged, so I appreciate you both mentioning the more recent vulnerability. Thanks 🫡
@[email protected] @[email protected] I encourage you to check out UnigetUI as a frontend for Winget, Microsoft’s not-very-well-known package manager