7-Zip App Vulnerability CVE-2022-29072

By -

 

In the last day or so CVE-2022-29072 was released. This is a vulnerability that allows an attacker to use a malformed 7zip archive to gain local administrator rights to a computer. Until an official patch is released one of the recommended ways to resolve this is to remove the 7-zip.chm file as it is the Windows help system. We have put together a script to do just that.  




$Vols = Get-Volume | Where-Object -Property DriveType -NE "CD-ROM" | Where-Object -Property DriveLetter -ne $null
foreach ($V in $Vols) {
    $Files = (Get-ChildItem -Path $($V.DriveLetter + ":\") -Recurse -Filter "7-zip.chm").FullName
    foreach ($F in $Files) {
        Remove-Item $F -Force
    }
}

You can plug this script into an SCCM package to deploy to all your systems. Since 7zip offers a portable version and some software uses 7zip as a built-in utility we made the script scan all volumes on the computer that are not CD-ROM drives and that have a drive letter for the 7zip help file then delete it. The script will take quite a bit of time to run so you will want to be sure to set the allowed run time for the package to something like 3 hours. 

More comprehensive information on this vulnerability can be found at Toms Hardware

Comments

  1. AnonymousApril 26, 2022 at 5:48 AM

    Hello,

    The following error message is displayed to me.
    What could I ruin?

    Method invocation failed because [Microsoft.Management.Infrastructure.CimInstance] does not contain a method named 'op_Addi
    tion'.
    At line:3 char:37
    + $Files = (Get-ChildItem -Path $($V + ":\") -Recurse -Filter "7-zi ...
    + ~~~~~~~~~
    + CategoryInfo : InvalidOperation: (op_Addition:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound

    I ran PowerShell in ISE.

    Thanks
    Rhinestone

    ReplyDelete
    Replies
    1. Kris GrossApril 26, 2022 at 6:02 AM

      Yes, there is a typo change $($V + ":\") to $($V.Driveletter + ":\") I have updated the script above too

      Delete

Post a Comment

Popular posts from this blog

SCCM Task Sequence GUI - How to set up the TS to work with a GUI

By -
Image
Before I have posted how you can create a TS for windows 10 , add a GUI to your TS and run a script to configure your windows 10 install . However all of this has become out dated and so I wanted to update all of that. This how to will walk you through how to create a TS that will allow you to choose a windows 10 or windows 7 image, name the computer, add the computer description to AD, Choose form a list what applications you want to install, Choose to enable BitLocker and set the PIN as well as create a local account. Prerequisites: MDT integrated to SCCM A boot image with the following components added Windows Powershell(WinPE-DismCmdlest) HTML(WinPE-HTA) Microsoft .NET (WinPE-NetFx) Windows Powershell (WinPE-Powershell) A windows 10 and windows 7 image  1. Download the package I have put together containing the scripts you will need https://github.com/sccmtst/SCCM-Management-Scripts/tree/master/TSGUI 2. If you have not already done so download and in...
Read more

SCCM Applications vs. SCCM Packages: Understanding the Key Differences

By -
Microsoft System Center Configuration Manager (SCCM) is a versatile and powerful tool for managing devices, applications, and updates in an organization's IT environment. Among its many features, SCCM allows you to deploy software to your end-users in two primary ways: Applications and Packages. Although both methods have a similar goal, they have some key differences that IT administrators should understand when choosing the appropriate deployment method. In this blog post, we will explore these differences and help you decide which option is best for your organization. Definition and Deployment Scenarios SCCM Applications: An SCCM Application is a high-level, user-centric deployment method that focuses on providing the desired user experience. Applications are designed to be state-based, meaning they can detect if the application is already installed and only perform the necessary actions if the application is not present or if a newer version is available. Applications are suita...
Read more

Faster PXE boot times in SCCM 1606 and later

By -
Image
A new feature introduced with SCCM 1606 was being able to modify the boot times for PXE. This is done by modifying the TFTP block and window size of the boot image RamDisk. This was originally implemented to help a admin over come network requirement. This allows us to make the PXE boot times much faster for my self this meant taking a 10 minute boot time all the way down to 30 second boot time. In order to make this change you need to create 2 registry keys on your PXE enabled DP. Location : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP Name: RamDiskTFTPWindowSize Type : REG_DWORD Value : <customized window size> The default value is 1 (1 data block fills the window)  Location : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP Name: RamDiskTFTPBlockSize Type : REG_DWORD Value : <customized block size> The default value is 4096 (4k).  once you have added the registry keys you will need to restart  the Windows Deployment Service for the ch...
Read more