Windows has come a long way from its wild west days, with multiple protections that guard against dangerous software. But attackers constantly try to evade those defenses—and recently succeeded with a 7-Zip exploit that sneaks past Windows’ normal wariness of downloaded files.
Discovered by Trend Micro researchers in September 2024, a vulnerability in 7-Zip allows hackers to bypass the typical Windows request for permission when you open a file from the web. Usually, Windows keeps track of what you download, branding those files with a “mark of the web.” This identifier triggers a Windows User Account Control prompt when apps or other executables are run. Similarly, Microsoft Office displays documents in a read-only mode, along with a warning.
Russian hackers dodged this safeguard by nesting a malicious archive file within a normal one. The outer archive file receives the mark of the web designator, but the second archive stored within does not. The malware inside that second file, disguised as innocuous documents (e.g., PDF or Word files), can then run undetected.
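As an added example (not from the article, Trend Micro or 7-Zip), here is a small Python audit of the mechanism just described: it parses the Zone.Identifier stream that carries the mark of the web and flags files extracted from a downloaded archive that no longer have it. The stream contents, file names and the `example.invalid` host are constructed for illustration.

```python
"""Audit Mark-of-the-Web (MotW) propagation for files extracted from a download.

On NTFS the MotW is the alternate data stream "<file>:Zone.Identifier": INI-style
text whose ZoneId (3 = Internet, 4 = Restricted) makes Windows treat the file as
downloaded. Everything extracted from a marked archive should carry ZoneId >= 3;
the nested-archive bypass yields files that do not.
"""
from __future__ import annotations

URLZONE_INTERNET = 3  # 0 local, 1 intranet, 2 trusted, 3 internet, 4 restricted

def parse_zone_id(stream_text: str | None) -> int | None:
    """ZoneId from Zone.Identifier text; None if the stream is absent or malformed."""
    if not stream_text:
        return None
    in_section = False
    for raw in stream_text.splitlines():
        line = raw.strip()
        if line.lower() == "[zonetransfer]":
            in_section = True
        elif line.startswith("["):
            in_section = False
        elif in_section and line.lower().startswith("zoneid="):
            value = line.split("=", 1)[1].strip()
            return int(value) if value.isdigit() else None
    return None

def read_motw(path: str) -> int | None:
    """Read the real stream on Windows/NTFS; None if it does not exist (or off Windows)."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as ads:
            return parse_zone_id(ads.read())
    except OSError:
        return None

def find_unmarked(archive_zone: int | None, extracted: dict[str, str | None]) -> list[str]:
    """extracted maps file -> its Zone.Identifier text (None if missing); return files that lost the mark."""
    if archive_zone is None or archive_zone < URLZONE_INTERNET:
        return []  # the archive was not a web download, so there is nothing to propagate
    return [name for name, stream in extracted.items()
            if (parse_zone_id(stream) or 0) < URLZONE_INTERNET]

# Constructed sample: outer archive marked Internet; nested archive and its payload unmarked.
SAMPLE_OUTER = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/outer.7z\r\n"
SAMPLE_EXTRACTED = {
    "outer/readme.txt": "[ZoneTransfer]\r\nZoneId=3\r\n",  # first-level file kept the mark
    "outer/inner.7z": None,                                 # nested archive: no stream
    "outer/inner/report.doc": None,                         # its payload: no stream either
}
print(find_unmarked(parse_zone_id(SAMPLE_OUTER), SAMPLE_EXTRACTED))  # ['outer/inner.7z', 'outer/inner/report.doc']
```

On a Windows machine, `read_motw` can feed real stream contents into the same check for each file an extractor wrote to disk.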
The Russian attackers targeted organizations and government officials in Ukraine, using phishing emails to deliver a 7-Zip file to affected PCs. Its inner archive file contained a SmokeLoader trojan masquerading as a Word .doc file. SmokeLoader trojans can install other malware like ransomware, trojans, remote access, or apps that steal info.
(For the full details about this exploit and malware campaign, you can check out Trend Micro’s findings—or the more digestible summary written by Bleeping Computer.)
7-Zip has since patched this vulnerability as of version 24.09, released last November 30. To upgrade to this version, you must do so manually by first uninstalling the old version on your PC, then downloading and installing v24.09.
While modern Windows offers decent security, it’s not foolproof; no security measure is. A multi-layered approach protects against your bad days and software flaws alike. At some point, you’ll click on the wrong thing. Windows or an app will have a new vulnerability.
But if you stay wary of unsolicited correspondence, keep automatic Windows Updates, check your apps for updates periodically, and use antivirus software, you’ll be better protected.