7-Zip 0-day was exploited in Russia’s ongoing invasion of Ukraine

0

Researchers said they recently discovered a zero-day vulnerability in the 7-Zip archiving utility that was actively exploited as part of Russia’s ongoing invasion of Ukraine.

The vulnerability allowed a Russian cybercrime group to override a Windows protection designed to limit the execution of files downloaded from the Internet. The defense is commonly known as MotW, short for Mark of the Web. It works by placing a “Zone.Identifier” tag on all files downloaded from the Internet or from a networked share. This tag, a type of NTFS Alternate Data Stream and in the form of a ZoneID=3, subjects the file to additional scrutiny from Windows Defender SmartScreen and restrictions on how or when it can be executed.

There’s an archive in my archive

The 7-Zip vulnerability allowed the Russian cybercrime group to bypass those protections. Exploits worked by embedding an executable file within an archive and then embedding the archive into another archive. While the outer archive carried the MotW tag, the inner one did not. The vulnerability, tracked as CVE=2025-0411, was fixed with the release of version 24.09 in late November.

Read full article

Comments

More Stories

ChatGPT integration in WhatsApp now supports images and voice messages

0

Sonos Lays Off 200 Employees After App Failure

0

H5N1 bird flu spills over again; Nevada cows hit with different, deadly strain

0

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

ChatGPT integration in WhatsApp now supports images and voice messages

0

Sonos Lays Off 200 Employees After App Failure

0

H5N1 bird flu spills over again; Nevada cows hit with different, deadly strain

0

Apple Vision Pro’s first year: the good, the bad, and the future

0

Judge suggests temporary order blocking DOGE from Treasury records

0