“Earlier this month Check Point Research reported discovery of a 19 year old code execution vulnerability in the wildly popular WinRAR compression tool. Rarlab reports that there are over 500 million users of this program. While a patched version, 5.70, was released on February 26, attackers are releasing exploits in an effort to reach vulnerable systems before they can be patched.”
If you’ve been around Windows for any time, you’ve likely used or heard of WinRAR. WinRAR is a 3rd party file compression/decompression utility. You may even have it installed on your machine. Most users tend to install it when they need it and forget about it. Since WinRAR is a utility that must be updated by downloading and installing the latest version, it doesn’t feature any type of automatic updates. This means that most WinRAR installations out there are out of date. Situations like this make vulnerabilities like this one extremely dangerous.
How do I fix it?
The good news is that it’s a simple and straightforward fix: Install the latest version. An updated version with the vulnerability patched was released on Feburary 26th, which can be found here.
If you have any questions about this or anything cyber security or technology, please reach out to SandStorm IT at 901-475-0275.