Skip to main content
  1. Home
  2. Computing
  3. News

Potentially malicious WinRAR vulnerability patched after almost 20 years

Add as a preferred source on Google

WinRAR is a powerful archival tool that has been available for the past 23 years, allowing users to unpack and create RAR, ZIP, and other archive files. But recently, a collection of security researchers at Check Point Software Technologies have discovered that a vulnerability that could allow malicious individuals to take advantage of users’ machines running the software, implanting startup programs without any needed authorization from the user.

Most users who had used WinRAR around the turn of the century most likely remember the software for its 40-day trial that could easily be bypassed — allowing for continuous use after the initial trial period. WinRAR still exists today, which is why the company quickly patched its software after learning about the vulnerability, adding a fix in version 5.7 beta 1 for an update that is long overdue.

Recommended Videos

The exact details of the dangerous vulnerability came down to a single DLL file — files used by Windows to access libraries of digital information  — that enabled exploiters to use an old component from the defunct ACE archive format. The ACE archive format was last updated in 2007, but WinRAR had decided to continue support for the format until now.

By merely renaming an ACE archive file extension to RAR, WinRAR can be manipulated to extract a malicious program into the computer’s startup folder. Using the exploit, the archive file would appear to decompress and extract itself as usual, while at the same time, in the background, inserting its contents into system folders. Instead of attempting to fix the particular issue, the team at WinRAR have instead dropped support for ACE archives.

Archiving files has come a long way since the world of ACE, and most users will find both the RAR and ZIP file formats to be much more effective than their older sibling. The software is still available on the web for anyone who may have older ACE files to extract or compress, but current Windows users using WinRAR will need to move forward in time if they wish to stay with their archive software of choice.

The ACE vulnerability existed for almost 20 years, with over 500 million WinRAR users, without being patched; it practically begs the question, if we all paid for the trial — would this have ever happened?

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
Canva Code 2.0 just made vibe coding way less intimidating for everyone
Canva Code 2.0 feature

Coding used to be reserved for developers who spent years learning complex languages. That has slowly changed with vibe coding, which lets you build apps and websites using simple, plain-language prompts. 

The problem is that most of these tools still feel intimidating for regular folks, as they still need to understand the code to make any meaningful changes. If not, everything you make tends to look the same.

Read more
Windows users can finally pick when updates stop with Microsoft’s latest patch
From pausing updates on your own schedule to rolling back a broken PC in one click, here's everything new in Windows 11's July 2026 update.
Windows 11 Laptop

Patch Tuesday updates are usually a shrug-and-install affair, but Microsoft's July 2026 release actually gives you something to be excited about.

You can grab this update, tagged KB5101650, right now through Settings, or manually via the Microsoft Update Catalog if you'd rather not wait for it to roll out.

Read more
Can AI audiobooks narrate better than humans? This study says many listeners think so
New study finds listeners favor AI narrated audiobooks over traditional human narration in blind testing.
Audiobooks on Spotify on an iPhone.

You might assume most listeners would pick a real human voice over a synthetic one, but a new study says otherwise. Edison Research at SSRS surveyed 1,005 fiction audiobook fans in May 2026 for a study commissioned by AI audio company Spoken. The twist is that listeners rated the AI narration higher, and they did not even know it was AI until after they heard it (via Variety).

Why listeners favored the AI narration

Read more