7zip v9 is not secure, when will Trend Micro Update the version it uses in Maximum Security 10?

  • 2
  • Question
  • Updated 2 years ago
  • Answered
The version of 7zip that Trend Micro uses as part of its product is being reported by Secunia as not secure any longer. Is Trend Micro going to update this piece?
Photo of tmgehrig

tmgehrig

  • 140 Points 100 badge 2x thumb

Posted 2 years ago

  • 2
Photo of Social Customer Service Team

Social Customer Service Team, Official Rep

  • 1,032 Points 1k badge 2x thumb
Thanks for the question, and we’re happy to see that our community members are definitely keeping themselves aware on security issues! 

Trend Micro is aware of the recently disclosed vulnerability affecting 7-Zip (CVE-2016-2334 and CVE-2016-2335) and is investigating to see what, if any, products and services may be affected.  At the conclusion of this investigation we will take appropriate steps to address any issues that are identified.
 
Based on an initial review of some products that may utilize this technology, we have identified that the Trend Micro Security family of products (including Maximum Security 10 as you’ve inquired about) is not affected by the reported 7-Zip vulnerability. 
 
If any other products are found to be affected, we will take appropriate steps to address the issue and will follow-up with customers as needed.
 
If you have any further questions, please feel free to reply below or contact Trend Micro technical support for further assistance or let us know how we can help in any other way.

Trend Micro Social Customer Service Team

Trend Micro Home Users Community
Photo of tmgehrig

tmgehrig

  • 140 Points 100 badge 2x thumb
Thank you for the reply. Can I please get an update? I do not accept the distinction Trend Micro is making between the product not having a vulnerability, though it is using a product, 7zip v9.20, which is installed on my computer as a part of the Trend Micro installation and is in fact vulnerable.

When will Trend Micro upgrade this installation to the latest version of 7zip?
Photo of tmgehrig

tmgehrig

  • 140 Points 100 badge 2x thumb
Checking in again. Is there an update to this question? When will the new version of 7zip be utilized?
Photo of Bob Long

Bob Long

  • 154 Points 100 badge 2x thumb
I have the same question - why is a vulnerable program (7-zip) not vulnerable simply because it is installed in the Trend Micro Program Files folder?   Some reply from Trend Micro (or better yet, an update that updates 7-zip) would be appreciated. 
Photo of Social Customer Service Team

Social Customer Service Team, Official Rep

  • 1,032 Points 1k badge 2x thumb
Sorry for the late response. We have deployed an update to Password Manager to solve this concern, and the automatic update for the latest version started today to cover all Trend Micro software users. Please verify if the 7-Zip file in Trend Micro's folder is updated to the latest version.

Trend Micro Social Customer Service Team

Trend Micro Home Users Community
Photo of Bob Long

Bob Long

  • 154 Points 100 badge 2x thumb
Thanks for following up.   I'm not using TM Password Manager - I have LastPass installed and prefer it.    However, I can confirm that 7-zip 16.0 was installed by the updater. 
Photo of TM_Claudia

TM_Claudia, Employee

  • 10,842 Points 10k badge 2x thumb
Thank you for the confirmation! Please feel free to contact us in the community any time when you need help for Trend Micro products in the future.

Trend Micro Home Users Community

This conversation is no longer open for comments or replies.