7-Zip App Vulnerability CVE-2022-29072
CVE-2022-29072 was released. This is a vulnerability that allows an attacker to use a malformed 7zip archive to gain local administrator rights to a computer. Until an official patch is released one of the recommended ways to resolve this is to remove the 7-zip.chm file as it is the Windows help system. We have put together a script to do just that.
You can plug this script into an SCCM package to deploy to all your systems. Since 7zip offers a portable version and some software uses 7zip as a built-in utility we made the script scan all volumes on the computer that are not CD-ROM drives and that have a drive letter for the 7zip help file then delete it. The script will take quite a bit of time to run so you will want to be sure to set the allowed run time for the package to something like 3 hours.
More comprehensive information on this vulnerability can be found at Toms Hardware.