From Convenience to Contagion - The Libarchive Vulnerabilities Lurking in Windows 11
media.ccc.de via YouTube
Overview
Explore a 40-minute conference talk from the 38th Chaos Communication Congress (38C3) that delves into security vulnerabilities discovered in Windows 11's implementation of libarchive. Learn about the potential security risks introduced by Windows 11's October 2023 update, which added native support for 11 compression formats including RAR and 7z through File Explorer. Understand how the libarchive integration contained several critical vulnerabilities, including remote code execution (RCE), heap buffer overflow, and arbitrary file manipulation issues, even though libarchive is extensively tested through Google's OSS-Fuzz project. Examine the challenges of vulnerability patching in widely-used libraries, illustrated through real-world examples like ClickHouse, and discover how delayed upstream patches can leave numerous applications exposed to security risks. Follow along as the speaker demonstrates the analysis process of Windows 11's Compressed Archive folder feature, compares it with previous implementations, and reveals how these vulnerabilities were discovered despite existing security measures.
Syllabus
38C3 - From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11
Taught by
media.ccc.de