New security flaw in WinRAR – 500 million PC’s in danger!

26. February 2019

Critical vulnerability affects all previous versions of WinRAR for the Windows operating system. Are you using WinRAR, then you should update it now!

Winter, flaw, drowning, critical

WinRAR security flaw

The Hacker News reports that Cybersecurity researchers from Check Point Software have revealed a flaw in the popular Windows file compression application, WinRAR. The flaw affects all prior versions up to version 5.70 beta 1.

The flaw, a remote code execution (RCE) can potentially impact up to 500 million users of the WinRAR application. This RCE could allow for persons with malicious intent to gain access to a victim’s computer if they succeed in persuading the victim into opening a zip-file of the ACE format. This format can easily be disguised as a .rar extension, which is how a person can be tricked as it will look like a normal .rar file.

A potential attacker could exploit the flaw by making use of a path-traversal attack. This allows the attacker to gain access to directories, that they should not be intended for public or foreign eyes. In other words, malware could very easily be planted in your system.

The vulnerability has been patched in a new version of the software on the 28th of January 2019, in 5.70 beta 1. The latest test version has also stopped supporting the ACE format.

What to do?

Are you among the 500 million Windows users, who have WinRAR installed? Then you do the following:

  • Uninstall your current version of WinRAR
  • Download and install the latest test version, v. 5.70 beta 1
  • Avoid opening files from unknown sources

Cybersecurity

Here at HTML24, we provide security for our clients’ websites and web apps. Consider reading our case stories on the Danish State Hospital (Rigshospitalet) or the trade union, HOD.

Are you seeking a digital agency to implement higher security or build a website for you? We would love to assist you!

Contact us at info@html24.net, or write your information in the box below. We are always ready to engage in a non-committal conversation with you.

Published 26. February 2019
Author
Af Marcus Hove
Marketing

Should we call or write to you? Fill in the fields below.