Application Situation: Third Party Patching

One of the biggest challenges facing IT and security teams is managing the patching process for the entire application spectrum within the environment. Operating systems and other large application packages often make updating easy. Sometimes patch management solutions can do a very good job of keeping many (or even most) of the environment up to date.

But it’s critical to make sure that patching is comprehensive, because sometimes even “small” or noncritical applications can present big vulnerabilities if they get out of date.

A recent attack on a commonly used compression tool illustrates exactly how dangerous missed patching of third-party applications can be. 

The Story Behind the 7-Zip Vulnerability 

A recently identified software vulnerability was likely exploited by the Russians in a cyberespionage attack against the Ukrainian government. The flaw has since been identified and patched, but it still creates exposure for IT departments worldwide.

All IT departments should prevent third-party applications from being installed on company machines whenever possible, and when the software is required, make sure updates are installed promptly to prevent attacks.

This particular exploit affects installations of the popular software, 7-Zip, used for creating zip files and extracting files from compressed file archives. The software is open source, free to use, and commonly installed.

After the Trend Micro Zero Day Initiative (ZDI) Threat Hunting team identified the problem, 7-Zip released patch version 24.09 on November 30, 2024, to address the exposure. 

How Does This Exploit Work?

To understand how this exploit occurred, let’s discuss a common Windows security feature: Mark-of-the-Web (MoTW). Windows helps identify files from an untrusted source using its MoTW security feature. The feature marks a file as originating from an untrusted zone (the internet) and helps ensure extra security checks are performed by Microsoft Defender SmartScreen.

If you have ever opened a file in Microsoft Excel with the “Protected View” status, you are using the MoTW functionality.

The MoTW security feature is an essential part of Windows security and helps make sure that users are protected from threats like malicious macros.
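On NTFS, the mark is stored in an alternate data stream named `Zone.Identifier` attached to the file. The following is an added example, not part of the original article: it parses that stream and lists files in a folder that carry no mark, which is the symptom to look for after extracting a downloaded archive. The sample stream content and URL are constructed, and `read_motw` only returns data on Windows/NTFS.

```python
import configparser
from pathlib import Path

# Windows URL security zones as recorded in the ZoneId field.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Constructed sample of a Zone.Identifier stream for a browser download.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
HostUrl=https://downloads.example.com/report.zip
"""

def parse_zone_identifier(text):
    """Parse Zone.Identifier content; return None if it is not a valid mark."""
    # interpolation=None so '%' characters in URLs are not treated as templates.
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(text)
        zone_id = cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": cp.get("ZoneTransfer", "HostUrl", fallback=None)}

def read_motw(path):
    """Read the mark from a file's alternate data stream (Windows/NTFS only)."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None  # stream absent: the file carries no Mark-of-the-Web

def unmarked_files(folder):
    """List files under folder that have no mark, e.g. after extracting an archive."""
    return [p for p in Path(folder).rglob("*") if p.is_file() and read_motw(p) is None]

if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE_STREAM))
```
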

Bad actors bypass the MoTW controls by encapsulating an archive file inside another archive file. The Ukrainian attack involved an email attachment with a “double” encapsulated archive file along with a hidden typo to trick users into thinking they were on a safe domain. For example, the Cyrillic letter Es looks like the letter “c” and can be replaced in a .com domain to fool an unsuspecting site visitor. The average web user doesn’t notice the unusual character and may feel they are on a valid website.
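The look-alike character trick can be caught mechanically, because a hostname label that mixes Latin and Cyrillic letters is rarely legitimate. This added example (not from the original article) flags mixed-script labels and shows the ASCII form that DNS actually resolves; the sample domains are constructed.

```python
import unicodedata

# Constructed samples: the first replaces the Latin "c" in "docs" with
# Cyrillic Es (U+0441); the last is a legitimate all-Cyrillic label.
SAMPLE_DOMAINS = ["do\u0441s.example.com", "docs.example.com",
                  "\u043f\u0440\u0438\u043c\u0435\u0440.example"]

def scripts_in(label):
    """Return the scripts of the letters in one label (digits and '-' are ignored)."""
    found = set()
    for ch in label:
        if ch.isalpha():
            # Unicode names start with the script, e.g. "CYRILLIC SMALL LETTER ES".
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def audit_domain(domain):
    """Flag labels that mix scripts and give the ASCII (punycode) form of the name."""
    mixed = {}
    for label in domain.rstrip(".").split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            mixed[label] = sorted(scripts)
    return {
        "domain": domain,
        # The "xn--" form is what appears in DNS logs and certificates.
        "ascii": domain.encode("idna").decode("ascii"),
        "mixed_labels": mixed,
        "suspicious": bool(mixed),
    }

if __name__ == "__main__":
    for name in SAMPLE_DOMAINS:
        result = audit_domain(name)
        print(result["ascii"], "SUSPICIOUS" if result["suspicious"] else "ok",
              result["mixed_labels"])
```

A label written entirely in one non-Latin script is a normal internationalized name and is not flagged; only the mix within a single label is.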

This attack led to compromised email accounts, malware infection, and full system compromise. 

What Can You Do About It? 

IT departments become the first line of defense against potential issues, and the following steps will help reduce the risk of exploits:

  • Update 7-Zip (and any other third-party software installations). Determine if all machines with the 7-Zip software have been updated to version 24.09 or later. If not, the update is available on SourceForge.net.
  • Inventory and track third-party applications. Create a detailed list of installed applications so they can be properly licensed, maintained, and upgraded. 
  • Consider additional security measures to prevent unauthorized applications. One option is to use Microsoft’s AppLocker to restrict users’ ability to install applications. Both the NIST and CIS frameworks include controls around user-installed software and unauthorized installations.
  • Prevent users from executing files from untrusted sources. Configure systems to prevent opening and execution of suspicious files. Limit the use of local admin permissions to only those users who need them.
  • Test and upgrade your systems. Stay informed on common exploits. Make sure software patches are installed in a timely manner to prevent issues and widespread concerns. Perform regular penetration and vulnerability tests to identify potential issues early. 
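The first two steps combine naturally: run the application inventory against the fixed version. This added example (not from the original article) audits an inventory export for 7-Zip installs older than 24.09; the CSV columns and host names are constructed, so adapt them to whatever your inventory tool exports.

```python
import csv
import io

MIN_FIXED = (24, 9)  # 7-Zip 24.09, the patched release named in the article

# Constructed inventory export; the column names are assumptions for this example.
SAMPLE_INVENTORY = """host,product,version
WS-001,7-Zip 24.09 (x64),24.09
WS-002,7-Zip 23.01 (x64),23.01
WS-003,7-Zip 9.20,9.20
WS-004,7-Zip 24.09 (x64 edition),24.09.00.0
WS-005,Notepad++ (64-bit x64),8.6
WS-006,7-Zip 24.08 (x64),24.08
WS-007,7-Zip,
"""

def parse_version(text):
    """'24.09' -> (24, 9); None when the field is empty or not purely numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit_7zip(csv_text, minimum=MIN_FIXED):
    """Return hosts with outdated 7-Zip and hosts whose version cannot be read."""
    outdated, unknown = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["product"].lower().startswith("7-zip"):
            continue
        version = parse_version(row["version"])
        if version is None:
            unknown.append(row["host"])  # needs a manual check
        # Compare as integer tuples: as plain strings "9.20" sorts after "24.09"
        # and a very old install would wrongly pass.
        elif version < minimum:
            outdated.append((row["host"], row["version"]))
    return {"outdated": outdated, "unknown": unknown}

if __name__ == "__main__":
    report = audit_7zip(SAMPLE_INVENTORY)
    for host, version in report["outdated"]:
        print(f"{host}: 7-Zip {version} is older than 24.09")
    print("version unknown:", report["unknown"])
```
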

Feel free to contact RubinBrown’s Cyber Security Services team if you have any questions about this vulnerability or need assistance with testing your environment. Our teams regularly assist clients with assessing their security levels, performing penetration tests, and performing Cyber Security Health Checks.


Published: 02/18/2025


Contact Us:

Talk to Our Experts

Audrey Katcher, CPA, CISA, CITP, CGMA Partner audrey.katcher@rubinbrown.com 314-290-3420
Robert Rudloff, CISSP, CISA, QSA, CMMC RPA Partner rob.rudloff@rubinbrown.com 303-952-1220
