Do you have WinRAR installed on your Windows PC? Then you’re probably vulnerable to attack. RARLab patched a dangerous security bug at the end of February 2019, but WinRAR doesn’t automatically update itself. Most WinRAR installations are still vulnerable.
What’s the Danger?
WinRAR contains a flaw that would let a .RAR file you download automatically extract an .exe file to your Startup folder. That .exe file would automatically be started the next time you sign into your PC, and it could infect your PC with malware.
Specifically, this flaw is a result of WinRAR’s ACE file support. An attacker simply needs to create a specially crafted ACE archive and give it the .RAR file extension. When you extract the file with a vulnerable version of WinRAR, it can automatically place malware in your Startup folder without any additional user action.
This serious flaw was found by researchers at Check Point Software Technologies. WinRAR contained an ancient DLL from 2006 to enable support for ACE archives, and that file has now been removed from the latest versions of WinRAR, which no longer support ACE archives. Don’t worry—ACE archives are very rare.
However, unless you’ve heard of this “path traversal” flaw already, you may be at risk. WinRAR doesn’t automatically update itself. We’re also extremely disappointed that WinRAR’s website doesn’t highlight information about this security flaw and instead buries it in WinRAR’s release notes.
WinRAR reportedly has 500 million users worldwide, and we’re certain most of those users haven’t yet heard of this bug and updated WinRAR.
While an update was released back in February, this story is still picking up steam. Security researchers at McAfee had identified more than 100 unique exploits online by mid-March, with most users attacked being in the USA. For example, a bootlegged copy of Ariana Grande’s album “Thank U, Next” with the filename “Ariana_Grande-thank_u,_next(2019)_.rar” available online is being used to install malware via vulnerable versions of WinRAR.
How to Check If You Have WinRAR Installed
If you’re not sure whether you have WinRAR installed, just perform a search in your Start menu for “WinRAR.” If you see a WinRAR shortcut, it’s installed. If you don’t see a WinRAR shortcut, it’s not.
Which WinRAR Versions Are Vulnerable?
If you do see WinRAR installed, you should check whether you’re running a vulnerable version. To do so, launch WinRAR and click Help > About WinRAR.
WinRAR versions 5.70 and newer are safe. If you have an older version of WinRAR, it’s vulnerable. This security bug has existed in every version of WinRAR released in the past 19 years.
If you have version 5.70 beta 1 installed, that’s also safe, but we recommend you install the latest stable version.
How to Protect Your PC From Malicious RARs
If you’d like to keep using WinRAR, head to the RARLab website, download the latest version of WinRAR, and install it on your PC.
WinRAR doesn’t automatically update itself, so the WinRAR software on your computer will remain vulnerable until you do this.
You can also just uninstall WinRAR from the Control Panel. We’re not big fans of WinRAR, which is trialware that either requires you pay or put up with annoying nag screens.
If you don’t like the program’s outdated-looking icons, you can get better-looking icons for 7-Zip.
Whatever unarchiving software you use, we recommend having a solid antivirus installed and enabled. Antivirus software can often spot malware like this and block it from being installed even if you’re using vulnerable software, although security software isn’t perfect and you can’t count on it to catch every piece of malware online. That’s why it’s important to have a multi-layered defense strategy.