UPD: CVE-2022-29072 is disputed.
A couple of days ago a new vulnerability was discovered by GitHub user Kagancapar in the popular 7-Zip file archiver, which allows gaining administrator privileges on Windows. The vulnerability has not been fixed yet, as the latest version of the application 21.07 has been released on 26/12/2021.
A few words about 7-Zip
7-Zip is a free and open-source file archiver with high compression based on bzip2, PPMd, LZMA2, and LZMA algorithms. 7-zip is one of the three most popular file archiving applications, whose popularity is only rivalled by giants WinZIP and WinRAR. In addition to own .7z-format archives, the archive manager also supports other packer formats commonly used under Windows, such as .rar, .zip, .tar, .wim, .xar etc. The file archiver is available for Windows OS; localizations are available for 87 languages.
CVE-2022-29072 vulnerability: how it works and whose fault is that
7-Zip vulnerability or CVE-2022-29072 is an active zero-day vulnerability and is characterized as allowing privilege escalation and command execution for Windows when a file with the .7z extension is dragged to the Help > Contents area. In simple terms, someone with access, even limited, to your computer is able to gain high-level control to run their own commands or apps.
The problem lies in the 7-zip.chm helper files that are executed via the Windows HTML helper function (hh.exe). So, CVE-2022-29072 is tied to Windows, as it was caused due to interaction of 7-zip with the Windows help application.
The vendor hasn’t said much about vulnerability other than refusing to take responsibility for it, meaning that it depends on Microsoft Help in Windows. However, according to Kagancapar, even if you drop the malicious file, this triggers a heap overflow in 7zFM.exe. This means that it’s 7-Zip who should solve the problem.
How to mitigate the 7-Zip vulnerability
To mitigate CVE-2022-29072, the person who discovered the vulnerability, Kagancapar, recommends deleting the 7-zip.chm file:
1. Open the 7-Zip installation directory or folder on the system. Usually, it’s C:\Program Files\7-Zip or C:\Program Files (x86)\7-Zip.
2. Find the 7-Zip.chm file – this is the help file.
3. Delete this file to remove it from your system.
There is a possibility that you get a notification “File Access Denied”. If that is the case, select Continue.
If you follow these steps and delete the help file, 7-Zip functionality won’t be reduced, and your endpoint will be secured.
7-Zip CVE-2022-29072 mitigation from Scappman
But there is a much simpler and faster solution to mitigate the 7-Zip vulnerability. We are happy to introduce the 7-Zip CVE-2022-29072 mitigation tool from Scappman!
- Start Scappman free trial: https://portal.scappman.com/register
All you need to do is find the application in the Scappman App Store, click on Install, customize the installation settings (if you want to), assign it to all or specific users and … that’s it!