Earlier versions of the file compression program 7-Zip are affected by a security flaw with a severity score of 7.8 out of 10.

The flaw, disclosed by Trend Micro's Zero Day Initiative and first discovered by Trend Micro security researcher Nicholas Zubrisky in June of this year, affects all 7-Zip versions prior to 24.07 and allows attackers to execute code on a victim's machine. It allows attackers to execute code on the victim's machine.

As a simple exploit, a threat actor can use one of several attack vectors to exploit a specific flaw in the program's Zstandard decompression implementation. the ZDI advisory explains that by properly validating the data provided by the user, the current process context code, it explains.

Essentially, this means that the archive could be used to install malware on a PC, although this would likely require interaction by the victim, such as opening a file.

The current version of 7-Zip is 24.08, released on June 19, 2024. However, the program has no automatic updates, so to protect users, the app itself and subsequent updates must be installed manually.

Therefore, if you are running 7-Zip, especially versions prior to 24.07, be sure to install the latest updates manually immediately to avoid becoming a victim of a cyber attack that takes advantage of these flaws.

As always, however, do not open files that you have not been asked to open, do not open files whose sender is unknown, and do not open files of which you do not know what they are. To further protect yourself, make sure you are using the best anti-virus software to keep your Windows PC safe from the latest threats.