So this is still a issue though (unrestricted) physical access is a bigger issue in itself. Now imagine a business/school/library/government wanting to minimize user mischief and/or crime but have to let people use the machines or go back to pen, paper, typewriter and photocopier. Kids, “friends”, neighbours, partyguests, spouse, kids-“friends”, and so on and so on, all potentially not respecting your stuff or even just for the most petty or whimsical reasons want to spy or sabotage.Īnd that is just for your stuff at home. Or other restriction they want to get around. Kids getting admin rights – and doing shit knowingly or not – e.g. Of the people I know, MANY are not ones I would trust with unsupervised access to any of my devices, whether computer or computer-with-a-phone, computer-with-a-tv-tuner, etc. You mean, for single home users with no untrustworthy guests.
However, Microsoft’s portion is managed by UAC, so the exploit vulnerability is supposed to be avoided. Now, I removed all third party CHM (.chm) files. Total 59 files related to Microsoft (Windows OS):Ĭ:\Windows\Microsoft.NET\Framework\ :4 filesĬ:\Windows\Microsoft.NET\Framework64\ :4 filesĬ:\Windows\System32\DriverStore\FileRepository\cnlbcja64.inf_amd64_3120ae9234c33f56\ :4 files In any case, removal of the file will not interfere with the original function of the program. I believe that the use of CHM (.chm) files is a rare case (either the program developer is unaware of the vulnerability or has forgotten to move from the CHM (.chm) files to an alternative solution). The CHM (.chm) files in my system (as listed by WizFile) are as follows: I see that there are quite a few CHM (.chm) files in your system. Most of scare tactic drama exploitable bugs are usual local, so I guess the solution should be to make sure nobody gets in your computer like you should already be doing in the first place? I mean, just accept this is stupid to worry about and even give instructions to delete anything, it is a bug yes, but put it out there as this serious security issue that might be exploited so stay calm, don’t panic and do as I say….
#.7Z FILE EXTENSION VIRUS UPDATE#
I mean I would accept the fact that it can affect some enterprise but then, why would a business use 7zip and not something else anyway?Īnd wasn’t the power of Open Source that it could get fixed within 3 seconds of discovered but here there are the questions “when will it happen since last update was Dec 2021?” Just another drama more like a hoax by people who want to make money out of bug bounty programs or put their names out there as someone who discovered some lame bug around. I mean, we have to even imagine that the intruder even knows you have 7zip and can exploit it…Īnd then what? again, do you think they will care about 7zip then?
The Help file won't open anymore after the deletion, when you select Help > Contents in the 7-Zip File Manager or press the F1-key on the keyboard.Īnd as usual this will not affect anyone relevant, especially ghacks viewers.Įven if it wasn’t just ‘local’, it wouldn’t be a problem, it’s like… if someone has already an intruder in their computers, I don’t think the first thought of the intruder will be “can I exploit 7zip?” 7-Zip functionality is not reduced when you delete the help file.
The file is moved to the recycle bin of the operating system by default.
Users of the application may use the following workaround to mitigate the vulnerability on their devices. The last update of the application dates back to the release of 7-Zip in December 2021 It is unclear if and when 7-Zip will address the issue. The page provides technical information and a short demonstration video of the exploit. Vulnerability details have been published on GitHub.