Remediating the vulnerability
At the time of writing, no patch is available for this issue, which means it is exploitable by default. It can be mitigated by removing the ‘7-zip.chm’ file, after which the vulnerability can no longer be triggered.
This file provides some of the ‘Help’ functionality of the 7-zip application; removing it does not affect 7-zip’s core capabilities, e.g. unzipping archives. The user impact is limited to the Help > Contents blade no longer opening (but let’s be honest, who has opened this before?).
This mitigation can be deployed as a proactive remediation through Microsoft Endpoint Manager. To set it up, navigate to the Endpoint portal and select Reports > Endpoint Analytics > Proactive remediations.
As the detection script, use the following code:
For the remediation, the following PowerShell code will remove the vulnerable file:
# 64-bit 7-Zip installation
if (Get-Item -Path "C:\Program Files\7-Zip\7-zip.chm" -ErrorAction SilentlyContinue) {
    Remove-Item -Path "C:\Program Files\7-Zip\7-zip.chm" -Force
}
# 32-bit 7-Zip installation on 64-bit Windows
if (Get-Item -Path "C:\Program Files (x86)\7-Zip\7-zip.chm" -ErrorAction SilentlyContinue) {
    Remove-Item -Path "C:\Program Files (x86)\7-Zip\7-zip.chm" -Force
}
Note: This remediation assumes you have installed 7-zip in the default installation path.
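A proactive remediation consists of a detection script and a remediation script, so the procedure above needs both. The following is an added example (not the post’s own code) of the pair as one would upload them: the detection script exits with 1 when ‘7-zip.chm’ is present (non-compliant, so the remediation runs) and 0 otherwise, and the remediation script removes the file and reports any failure. Like the post’s snippet it assumes the default installation paths, taken here from the ProgramFiles environment variables; the two scripts are separated by comment headers and are meant to be saved as two files.

```powershell
# Added example, not from the original post: detection and remediation scripts for a
# Microsoft Endpoint Manager proactive remediation that removes 7-zip.chm.
# Assumption: 7-Zip lives under the default paths; other install locations must be added to $baseDirs.

# ---------- Detect.ps1 ----------
# Exit 1 = file present (non-compliant, remediation will run); exit 0 = compliant.
$baseDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }   # x86 entry is empty on 32-bit hosts
$chmPaths = foreach ($dir in $baseDirs) { Join-Path -Path $dir -ChildPath '7-Zip\7-zip.chm' }

$present = @($chmPaths | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })

if ($present.Count -gt 0) {
    Write-Output "7-zip.chm present: $($present -join ', ')"   # shown in the Proactive remediations report
    exit 1
}
Write-Output '7-zip.chm not found'
exit 0

# ---------- Remediate.ps1 ----------
# Removes every copy of 7-zip.chm found in the default paths; exit 1 if any removal fails.
$baseDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$chmPaths = foreach ($dir in $baseDirs) { Join-Path -Path $dir -ChildPath '7-Zip\7-zip.chm' }

$removed = @()
$failed  = @()
foreach ($path in $chmPaths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        try {
            Remove-Item -LiteralPath $path -Force -ErrorAction Stop
            $removed += $path
        } catch {
            # e.g. the file is locked by an open Help window; the device stays flagged for the next run
            $failed += "$path ($($_.Exception.Message))"
        }
    }
}

if ($failed.Count -gt 0) {
    Write-Output "Failed to remove: $($failed -join '; ')"
    exit 1
}
Write-Output "Removed: $($removed -join ', ')"
exit 0
```

Because the detection script runs again after remediation, a device only reports compliant once the file is actually gone; the `Write-Output` lines surface the paths in the portal so a non-default installation that slipped through is easy to spot and add to `$baseDirs`.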
Want to work together?
If you are a ‘Cloud Control Managed Endpoint’ customer, we have already identified the vulnerable devices in your environment and are reaching out for the remediation steps.
If you want us to help you mitigate vulnerabilities and stay ahead of current attacks, take a look at our Managed Services and get in touch.