7-Zip App Vulnerability CVE-2022-29072


In the last day or so CVE-2022-29072 was released. This is a vulnerability that allows an attacker to use a malformed 7zip archive to gain local administrator rights to a computer. Until an official patch is released one of the recommended ways to resolve this is to remove the 7-zip.chm file as it is the Windows help system. We have put together a script to do just that.  

$Vols = Get-Volume | Where-Object -Property DriveType -NE "CD-ROM" | Where-Object -Property DriveLetter -ne $null
foreach ($V in $Vols) {
    $Files = (Get-ChildItem -Path $($V.DriveLetter + ":\") -Recurse -Filter "7-zip.chm").FullName
    foreach ($F in $Files) {
        Remove-Item $F -Force

You can plug this script into an SCCM package to deploy to all your systems. Since 7zip offers a portable version and some software uses 7zip as a built-in utility we made the script scan all volumes on the computer that are not CD-ROM drives and that have a drive letter for the 7zip help file then delete it. The script will take quite a bit of time to run so you will want to be sure to set the allowed run time for the package to something like 3 hours. 

More comprehensive information on this vulnerability can be found at Toms Hardware


  1. Hello,

    The following error message is displayed to me.
    What could I ruin?

    Method invocation failed because [Microsoft.Management.Infrastructure.CimInstance] does not contain a method named 'op_Addi
    At line:3 char:37
    + $Files = (Get-ChildItem -Path $($V + ":\") -Recurse -Filter "7-zi ...
    + ~~~~~~~~~
    + CategoryInfo : InvalidOperation: (op_Addition:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound

    I ran PowerShell in ISE.


    1. Yes, there is a typo change $($V + ":\") to $($V.Driveletter + ":\") I have updated the script above too


Post a Comment

Popular posts from this blog

SCCM Task Sequence GUI - How to set up the TS to work with a GUI

SCCM Applications vs. SCCM Packages: Understanding the Key Differences

How to Deploy a Windows 10 Servicing update as a Application