I can't help but wonder if the "requires manual update" in the title is some kind of shade being thrown at 7-Zip for respecting the right of users to control their systems. There are many ways to automatically patch 7-Zip through third-party tools. Just because a piece of Windows software doesn't phone home by default doesn't mean it's inherently bad.
I can't help but wonder if the "requires manual update" in the title is some kind of shade being thrown at 7-Zip for respecting the right of users to control their systems. There are many ways to automatically patch 7-Zip through third-party tools. Just because a piece of Windows software doesn't phone home by default doesn't mean it's inherently bad.
>There are many ways to automatically patch 7-Zip through third-party tools.
the average home user isn't using that, and is most at risk because they don't have an IT team managing their computer.
The Man on the Clapham Omnibus doesn't have 7-Zip to begin with.
> the average home user isn't using that, and is most at risk because they don't have an IT team managing their computer.
Microsoft, Crowdstrike, Solar Winds would like to have a word with you. /s
It's just a MotW bypass? How is that high severity?
Feels hot off the heels of the other critical 7-Zip vulnerability less than two months ago:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-b...
>high severity
>mark of the web
>manual update
Just Windows things
> could enable attackers to craft archives that bypass Windows security warnings, potentially tricking targets into launching malware.
Like all of the web. Windows security warnings are crap anyway, mostly (99%) targeting legitimate files or local files.