India’s cybersecurity agency has issued a security advisory for a widely used file compression tool installed on millions of Windows PCs and laptops. The alert warns about critical vulnerabilities that could allow attackers to execute malicious code, install malware, or gain unauthorized access if the tool is outdated or compromised. Users have been advised to update immediately, download only from official sources, and avoid opening compressed archives from untrusted senders.
Warning details
According to the advisory, the vulnerabilities fall under the category of remote code execution and arbitrary file write. Attackers can craft malicious archive files — including .zip, .rar, or .7z formats — that exploit flaws in the tool’s parsing or extraction routines. Simply opening or extracting such a file can trigger the exploit.
The risk is significant due to the widespread use of the software in workplaces, schools, and personal computers for routine compression tasks. Distribution of malicious archives through email attachments, messaging apps, and free download portals increases the likelihood of exploitation.
The government notes several indicators of potential threats, such as unexpected archive files from unknown sources, archives prompting scripts or installers during extraction, and requests for elevated privileges. Older builds of the tool are most at risk, and even new installations can be unsafe if downloaded from fake websites or third-party mirrors.
Malicious archives may also use deceptive techniques like double extensions (e.g., document.pdf.exe) or hiding payloads inside nested folders.
What users should do
• Update immediately: Check the tool’s version and install the latest stable release from the official developer’s website or the Microsoft Store.
• Verify authenticity: Use checksums or digital signatures where provided. Avoid downloading from freeware portals.
• Strengthen Windows security: Keep Microsoft Defender or other antivirus software updated, enable SmartScreen, and turn on Controlled Folder Access.
• Handle archives cautiously: Do not extract unsolicited files. Scan archives first, preview contents, and extract to a non-system folder without admin rights. Avoid running executables directly from archives.
• For enterprises: Implement application allow-listing, block outdated versions via endpoint management, and monitor for suspicious extraction activity.
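The "preview contents" step above can be automated before anything is extracted. The following is an added example, not part of the advisory: it lists a ZIP archive's entries with Python's standard library and flags names that would write outside the extraction folder, double extensions such as document.pdf.exe, scripts or executables, and deeply nested payloads. The extension lists, the depth threshold and the sample archive are assumptions constructed for illustration; .rar and .7z need other libraries.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them to local policy.
EXEC_EXT = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi", ".lnk", ".dll"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
MAX_DEPTH = 5  # assumed threshold for "hidden in nested folders"

def inspect_zip(data):
    """Return {entry name: [findings]} by reading the index only; nothing is extracted."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")  # treat Windows separators alike
            path = PurePosixPath(name)
            suffixes = [s.lower() for s in path.suffixes]
            reasons = []
            # Absolute paths, drive letters and ".." are how an entry lands outside
            # the chosen folder (the arbitrary file write case).
            if name.startswith("/") or name[1:2] == ":" or ".." in path.parts:
                reasons.append("path escapes extraction folder")
            if suffixes and suffixes[-1] in EXEC_EXT:
                reasons.append("executable or script")
                if len(suffixes) > 1 and suffixes[-2] in DECOY_EXT:
                    reasons.append("double extension")
            if len(path.parts) - 1 > MAX_DEPTH:
                reasons.append("deeply nested")
            if reasons:
                findings[name] = reasons
    return findings

def build_sample():
    """Constructed sample archive held in memory; entry contents are harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/notes.txt", "ok")
        zf.writestr("docs/document.pdf.exe", "placeholder")
        zf.writestr("../../Windows/evil.dll", "placeholder")
        zf.writestr("a/b/c/d/e/f/setup.bat", "placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, reasons in inspect_zip(build_sample()).items():
        print(f"{entry}: {', '.join(reasons)}")
```

An archive with any finding is better quarantined and scanned than extracted; a clean result only means the entry names look ordinary, not that the contents are safe.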