If you are a Windows user, you may be affected. A dangerous new remote code execution vulnerability has been discovered in the WinRAR software. This vulnerability is affecting hundreds of millions of users worldwide.
WinRAR is a popular Windows compression application that has around 500 million users. The vulnerability is affecting all versions of the software released in the last 19 years.
To get technical, WinRAR used an old third-party library called UNACEV2.DLL to handle the extraction of files compressed in ACE data compression archive file format. This is where the flaw lies.
Simplifying the flaw, attackers are able to change the .ace extension to .rar extension to make it look normal and extract compressed files to a folder of their choice rather than the folder chosen by the user. This provides an opportunity for the attacker to drop malicious code into Windows Startup folders where it would automatically run on the next reboot.
All an attacker needs to do is convince users into opening a maliciously crafted compressed archive file using WinRAR.
Since the WinRAR team had lost source code of the UNACEV2.dll library in 2005, it decided to drop UNACEV2.dll from their package to fix the issue and released WinRAR version 5.70 beta 1 that doesn’t support the ACE format.
How to check if you have WinRAR installed?
Simply open the search bar found in the bottom left hand side of your screen. Type in WinRAR – if you have the software, it will load.
If you have WinRAR installed?
Windows users are advised to install the latest version of WinRAR as soon as possible and avoid opening files received from unknown sources.
Questions
If you have any questions about the vulnerability, or are unsure whether you have WinRAR, or want to know how to remove the software and/or download the latest version, get in touch with the team at Smart who will be happy to assist you.
Email: helpdesk@smart.uk.com
Call: 01242 580654
