CVE Source: CVE - CVE-2022-29072
Syncro has become aware of the recent vulnerability related to the 7-Zip application, allowing for privilege escalation on a local system via malicious file drop. Syncro is not vulnerable as a result of this issue.
For users who do have 7-Zip installed, a patch has not yet been released and recommendations are to remove the vulnerable chm file from your system(s). We have published a script to remove the vulnerable file in our Community Scripts repository, provided by our users.
The following steps can be used to remove the vulnerable file
- Import the removal script into your script library. Link to script
- Create a Saved Asset Search to quickly make a list of all assets that have 7-Zip installed by going to your ‘Asset & RMM’ tab and selecting the magnifying glass.
Next, select the ‘New Search’ button and enter ‘7-Zip’ in the ‘Installed Application’ field.
After saving the search, it will be visible in your Saved Asset Search list.
- We can use this search now to run the 'Remove 7-Zip.chm from default install paths’ script in bulk. Select the search that was just made, select all the assets, and select ‘Run Script’ from the ‘Manage’ dropdown.
- The last step is to select the script from the ‘Script’ dropdown and press the ‘Run’ button:
Do NOT select the ‘Skip Offline Assets’ checkbox. With that unselected, the script will stay in a pending state on offline assets until the asset comes back online and run shortly after the asset is back online. This will ensure that all assets run the script regardless of their online status.
Note: The assets will still be shown on the asset search after the script successfully runs since the script is only removing the vulnerable file and not the entire application.