scloud by Florian Salzmann
ende

Fix 7-Zip Vulnerability - Proactive Remediation

Due to the 7-Zip vulnerability (CVE-2022-29072), it might be possible to execute processes with elevated privileges. The fastest way to fix this is to delete the file “7-zip.chm” in the program directory. You can do this manually, or fix the 7-Zip vulnerability with the Proactive Remediation scripts below.

** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process, NOTE: multiple third parties have reported that no privilege escalation can occur.

CVE description, https://www.cve.org/CVERecord?id=CVE-2022-29072

Files on GitHub

Creating the Proactive Remediations package for the 7-Zip vulnerability

You can create the package in Endpoint Manager / Intune under “Reports > Endpoint analytics > Proactive remediations” + Create script package.

create Proactive remediations package

We give the script package a meaningful name and an optional description:

Proactive remediations 7-zip

In the next step, you upload the detection and remediation script from my GitHub.

For the assignment, I choose a high execution frequency to make sure the vulnerability gets fixed quickly. Once the vulnerability is completely closed, the package can be removed again.

Proactive Remediations Schedule

Now you’ve deployed the Proactive Remediation package for the 7-Zip vulnerability and just need to wait until the execution on the devices is complete.
The result then looks like this:

7-zip vulnerability Proactive Remediation - Overview