Skip to main content

A serious security vulnerability has been found in 7-Zip

Audio player loading…

7-Zip is free, open-source file archiving software that's been around for an awfully long time—nearly two decades, according to Wikipedia. It's barebones, it's simple, and it works, which is why we included it in our list of essential applications for a fresh PC. Unfortunately, as discovered by the Center for Internet Security, it also suffers from a pretty serious security vulnerability that can enable "arbitrary code execution." 

What that means, basically, is that someone who successfully exploits this security flaw could install programs on your PC, view, edit, or delete data, or create new user accounts with full access rights. The good news is that CIS says there are no reports of this actually happening, but the bad news is that the security flaw is present in all versions of 7-Zip prior to 18.05. That version was just released on April 30, which means that unless you've updated sometime within the last four days, your PC is exposed.

Fortunately, the solution is simple. Go to 7-zip.org, download the latest version (it's tiny), and install it. Boom! Problem solved, and you'll be pleased to know that the hot new version of 7-Zip looks exactly the same as the old crappy one.   

CIS also recommended that all software should be run as a non-privileged user, and to apply the "Principle of Least Privilege" to all systems and services, so that if your PC does fall prey to a sploitz-jerk, the damage will be minimized. As a general approach, that's probably not a bad idea.

Amazingly, 7-Zip has a trailer. It's everything you would expect.

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.