Potentially malicious WinRAR vulnerability patched after almost 20 years

By Michael Archambault February 21, 2019

WinRAR is a powerful archival tool that has been available for the past 23 years, allowing users to unpack and create RAR, ZIP, and other archive files. But recently, a collection of security researchers at Check Point Software Technologies have discovered that a vulnerability that could allow malicious individuals to take advantage of users’ machines running the software, implanting startup programs without any needed authorization from the user.

Most users who had used WinRAR around the turn of the century most likely remember the software for its 40-day trial that could easily be bypassed — allowing for continuous use after the initial trial period. WinRAR still exists today, which is why the company quickly patched its software after learning about the vulnerability, adding a fix in version 5.7 beta 1 for an update that is long overdue.

The exact details of the dangerous vulnerability came down to a single DLL file — files used by Windows to access libraries of digital information — that enabled exploiters to use an old component from the defunct ACE archive format. The ACE archive format was last updated in 2007, but WinRAR had decided to continue support for the format until now.

By merely renaming an ACE archive file extension to RAR, WinRAR can be manipulated to extract a malicious program into the computer’s startup folder. Using the exploit, the archive file would appear to decompress and extract itself as usual, while at the same time, in the background, inserting its contents into system folders. Instead of attempting to fix the particular issue, the team at WinRAR have instead dropped support for ACE archives.

Archiving files has come a long way since the world of ACE, and most users will find both the RAR and ZIP file formats to be much more effective than their older sibling. The software is still available on the web for anyone who may have older ACE files to extract or compress, but current Windows users using WinRAR will need to move forward in time if they wish to stay with their archive software of choice.

The ACE vulnerability existed for almost 20 years, with over 500 million WinRAR users, without being patched; it practically begs the question, if we all paid for the trial — would this have ever happened?

Topics

Michael Archambault

Former Digital Trends Contributor

Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…

Computing

What to do if your Intel CPU keeps crashing

Pins on Core i9-12900K.

Despite being among the best processors you can buy, some high-end Intel CPUs have faced a wave of instability over the past few months. Intel is investigating the problem, but the company and its motherboard partners have already worked toward some temporary fixes to improve stability on high-end Intel CPUs -- even if it comes at a performance cost.

Before getting into the fixes, keep in mind that they are temporary. Intel will release a statement on the instability soon, likely with more direct guidance on what affected users should do. In addition, the scope of the problem isn't clear -- if you're not experiencing issues, you shouldn't have anything to worry about.
Who's affected

Computing

HP Envy deals: HP’s most popular laptop starts at $630

An HP Envy 17-inch laptop sits on an office desk.

HP is one of the best laptop brands in the laptop space, with a huge selection of laptops to pick from, including some of the best laptops on the market. More specifically, though, the HP lineup is probably at the top when it comes to versatile and relatively well-valued laptops. While there are quite a few variations and configurations of the HP Envy, we've gone ahead and put together the ones that we think will give you the most bang for your buck. That said, if you haven't found something you're specifically looking for, be sure to check out some of these other great laptop deals as well.
HP Envy x360 2-in-1 laptop 15Z-FH000 — $650, was $900

The HP Envy x360 convertible laptop is a great option for just about anyone, particularly anyone who enjoys the touchscreen functionality of a tablet. It’s well designed and super slim, making it a truly go-anywhere device. Despite its portability, it still has an immersive 15.6-inch touchscreen that’s great for creators, note-takers, and binge watchers. Top notch build quality and durability, fast charging technology, a fingerprint reader, and great battery life round out the top features of the HP Envy x360 convertible touchscreen laptop. It competes well with the best 2-in-1 laptops. Its versatility and all-around capability make it a worthy companion on any desk, and on any lap.

Computing

I use these simple printer tips to save money on ink and toner

Printing is fast and economical with the HP Smart Tank 7602.

The cost of a printer can range from under $100 for some good, low-cost inkjet printers to several hundred for the best color laser printers. However, the price you pay upfront doesn’t include paper, and the included ink and toner only lasts so long.

A bargain printer can end up costing you more overall if the cartridges are small and replacements are expensive. Follow these tips to minimize ink, toner, and paper waste, reducing the ongoing expense of using your printer in the long run.
Print in monochrome
Adobe Acrobat's print settings includes a grayscale option. Digital Trends