7-Zip MotW Bypass Vulnerability - 20250122002 (#1177)

* 20250122002 - Broadcast - 7-Zip MotW Bypass Vulnerability * Format markdown docs --------- Co-authored-by: carel-v98 <[email protected]>
wagov · Jan 22, 2025 · 5163775 · 5163775
1 parent 0bc7ebd
commit 5163775
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/docs/advisories/20250122002-7-Zip-MotW-Bypass-Vulnerability.md b/docs/advisories/20250122002-7-Zip-MotW-Bypass-Vulnerability.md
@@ -0,0 +1,26 @@
+# 7-Zip MotW Bypass Vulnerability - 20250122002
+
+## Overview
+
+A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s) | CVE                                                             | CVSS | Severity |
+| ------------------- | ---------- | --------------------------------------------------------------- | ---- | -------- |
+| 7-zip               | < 24.09    | [CVE-2025-0411](https://www.cve.org/CVERecord?id=CVE-2025-0411) | 7.0  | High     |
+
+## What has been observed?
+
+There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- 7-Zip Source Forge: <https://sourceforge.net/p/sevenzip/discussion/45797/thread/b95432c7ac/>
+
+## Additional References
+
+- Zero Day Initiative: <https://www.zerodayinitiative.com/advisories/ZDI-25-045/>
+- Bleeping Computer: <https://www.bleepingcomputer.com/news/security/7-zip-fixes-bug-that-bypasses-the-windows-motw-security-mechanism-patch-now/>