VeraCrypt 1.17 fixes security issues, improves compatibility

Martin Brinkmann
Feb 15, 2016
Updated • Sep 14, 2018

VeraCrypt 1.17 has been released on February 13, 2016. The new version fixes several security-related issues, improves compatibility, and even includes optimizations.

VeraCrypt is without doubt the TrueCrypt-based encryption program that appears to be the most active project right now.

Its developers release new versions regularly that fix security and other issues in the client, and add new functionality to it.

The new VeraCrypt 1.17 update is no exception as it introduces a whole batch of improvements to the software program.

VeraCrypt 1.17

The developers have fixed a dll hijacking vulnerability affecting the VeraCrypt installer on Windows machines. The issue, affecting several installers for Windows including those created by Mozilla, Microsoft or Kaspersky, affected TrueCrypt 7.1a as well.

Since VeraCrypt is based on that version, it too was affected by the vulnerability.

The executable installers "TrueCrypt Setup 7.1a.exe" and TrueCrypt-7.2.exe load and execute USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll from their "application directory".

If an attacker places the above named DLLs in the users "Downloads" directory (for example per drive-by download or social engineering) this vulnerability becomes a remote code execution.

The new version includes another security-related improvement that fixes path leaks of selected keyfiles in RAM.

As far as other improvements are concerned, there are quite a few

  1. VeraCrypt 1.17 is signed using SHA-1 and SHA-256.
  2. The mount and boot time has been cut in half "thanks to a clever optimization of key derivation".
  3. Whirlpool PRF speed improved by 25%.
  4. Unicode passwords are supported across the board now with the exception of Windows system encryption.
  5. Support added for creating exFAT volumes.
  6. Solved issues with Comodo and Kaspersky programs when running applications from VeraCrypt mounted volumes.
  7. Reduction of false positives by antivirus programs.
  8. PIM caching implemented. The feature is not enabled by default and needs to be enabled under Settings > Preferences > Include PIM when caching a password (PIM stands for Personal Iterations Multiplier).

You can check out the full release notes of VeraCrypt 1.17 on the official project website. There you find download options for all supported operating systems.

Windows users can install VeraCrypt or use it as a portable program instead when they select the "extract" option after launching the installer.

To update VeraCrypt, run the installer for the new version and make sure it gets installed in the same directory as the currently installed version of the encryption software.

VeraCrypt 1.17 fixes security issues, improves compatibility
Article Name
VeraCrypt 1.17 fixes security issues, improves compatibility
VeraCrypt 1.17, a new version of the encryption software, fixes security issues in the client and ships with performance improvements.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. intelligencia said on February 17, 2016 at 10:49 pm

    I CANNOT wait to apply this new uPdated version of VeraCrypt to my Linux machine!
    Again, Mr. Brinkmann I appreciate you so for taking care of us Online!
    . . . and as a reminder to myself . . . another Donation to is definitely in order.


  2. Ben said on February 16, 2016 at 1:36 pm

    Thanks for bringing those updates to a wider audience.

  3. CHEF-KOCH said on February 15, 2016 at 4:01 pm

    I love it :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.