i-medIT Blog

At i-medIT, we provide a comprehensive range of computer and technology solutions to small business owners and Ambulatory Health Care entities. We specialize in helping companies focus on their business by leveraging IT to serve their goals and objectives rather than being a distraction. Customers come to us for managed services, healthcare IT, project management, IT consulting, HIPAA Compliance, PCI Compliance, server virtualization, and data backup. These core services help our customers run their own companies and take their business goals to the next level.

Alert: 7-Zip Software Can Leave Your System Vulnerable

Alert: 7-Zip Software Can Leave Your System Vulnerable

Software vulnerabilities can cause major issues for individuals and businesses. Cisco’s Talos Security Intelligence and Research Group, which is designed as an organization to “protect consumers from known and emerging threats,” has found such a vulnerability with 7zip.

The 7zip software is an open-sourced file archiver and decompressor, and has many software developers scrambling to patch their products. Since 7zip is freeware, it is naturally used in the development of other applications’ code; and that is making this particular vulnerability more than your run-of-the-mill code malfunction. Currently there are two discovered vulnerabilities with the software. ZDNet explains the issues in stark detail:

  • “The first vulnerability, CVE-2016-2335, is an out-of-bounds security flaw caused by the way 7zip handles Universal Disk Format (UDF) files. When partition maps are scanned to find objects within the file system, there is a lack of proper checking which can cause a read-out-of-bounds problem. If exploited, cyberattackers could use the vulnerability to execute code remotely.”
  • “The second security flaw, CVE-2016-2234 , is an exploitable heap overflow vulnerability found within the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip. In the software's HFS+ system, files can be stored in a compressed format using zlib, and depending on the size of the data, this information may be stored in blocks.”

In layman’s terms, the vulnerabilities affected the way that many programs utilizing 7zip function. In particular, software programs like antivirus solutions are affected. The vulnerabilities change the way that files are compressed and decrypted; and, since the 7zip code was used as a part of so many other pieces of software, the opportunities are real and prevalent. While this vulnerability may not present network administrators with as much fear as 2014’s Heartbleed vulnerability, the potential for data and network breaches is concerning.

Working with Talos, the 7zip developers have patched the problems, with their latest offering, 7zip v. 16.00, being free of these vulnerabilities. Any other version of the software needs to be updated immediately to ensure that users are not subject to data breaches as a result of this vulnerability. Any other software that has the 7zip code needs to be patched as well.

For more information on the latest security vulnerabilities, as well as information on how to protect your organization from potential threats, call us today at 630-549-6199.

Tip of the Week: Improve Email Open Rates With an ...
A Checklist of 40 Microsoft Software Titles Reachi...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, November 21 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite