VeraCrypt 1.17 has been released on February 13, 2016. The new version fixes several security-related issues, improves compatibility, and even includes optimizations.
VeraCrypt is without doubt the TrueCrypt-based encryption program that appears to be the most active project right now.
Its developers release new versions regularly that fix security and other issues in the client, and add new functionality to it.
The new VeraCrypt 1.17 update is no exception as it introduces a whole batch of improvements to the software program.
The developers have fixed a dll hijacking vulnerability affecting the VeraCrypt installer on Windows machines. The issue, affecting several installers for Windows including those created by Mozilla, Microsoft or Kaspersky, affected TrueCrypt 7.1a as well.
Since VeraCrypt is based on that version, it too was affected by the vulnerability.
The executable installers "TrueCrypt Setup 7.1a.exe" and TrueCrypt-7.2.exe load and execute USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll from their "application directory".
If an attacker places the above named DLLs in the users "Downloads" directory (for example per drive-by download or social engineering) this vulnerability becomes a remote code execution.
The new version includes another security-related improvement that fixes path leaks of selected keyfiles in RAM.
As far as other improvements are concerned, there are quite a few
You can check out the full release notes of VeraCrypt 1.17 on the official project website. There you find download options for all supported operating systems.
Windows users can install VeraCrypt or use it as a portable program instead when they select the "extract" option after launching the installer.
To update VeraCrypt, run the installer for the new version and make sure it gets installed in the same directory as the currently installed version of the encryption software.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.