
Potentially malicious WinRAR vulnerability patched after almost 20 years

WinRAR is a powerful archival tool that has been available for the past 23 years, allowing users to unpack and create RAR, ZIP, and other archive files. But recently, security researchers at Check Point Software Technologies discovered a vulnerability that could allow malicious individuals to take advantage of machines running the software, implanting startup programs without any authorization from the user.

Users who ran WinRAR around the turn of the century most likely remember the software for its 40-day trial that could easily be bypassed — allowing for continuous use after the initial trial period. WinRAR still exists today, which is why the company quickly patched its software after learning about the vulnerability, adding a fix in version 5.7 beta 1, an update that is long overdue.

The vulnerability came down to a single DLL file — a type of file Windows programs use to load shared libraries — that enabled exploiters to use an old component from the defunct ACE archive format. The ACE archive format was last updated in 2007, but WinRAR had decided to continue support for the format until now.

By merely renaming an ACE archive's file extension to RAR, an attacker can manipulate WinRAR into extracting a malicious program into the computer’s startup folder. Using the exploit, the archive file would appear to decompress and extract itself as usual, while at the same time, in the background, inserting its contents into system folders. Instead of attempting to fix the particular issue, the team at WinRAR has dropped support for ACE archives.

Archiving files has come a long way since the world of ACE, and most users will find both the RAR and ZIP file formats to be much more effective than their older sibling. The software is still available on the web for anyone who may have older ACE files to extract or compress, but current Windows users using WinRAR will need to move forward in time if they wish to stay with their archive software of choice.

The ACE vulnerability went unpatched for almost 20 years, with over 500 million WinRAR users exposed; it practically begs the question: if we all paid for the trial, would this have ever happened?

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…