Potentially malicious WinRAR vulnerability patched after almost 20 years

WinRAR is a powerful archival tool that has been available for the past 23 years, allowing users to unpack and create RAR, ZIP, and other archive files. Recently, security researchers at Check Point Software Technologies discovered a vulnerability that could allow malicious individuals to take advantage of machines running the software, implanting startup programs without any authorization from the user.

Most users who used WinRAR around the turn of the century likely remember the software for its 40-day trial, which could easily be bypassed to allow continuous use after the initial trial period. WinRAR still exists today, which is why the company quickly patched its software after learning about the vulnerability, adding a long-overdue fix in version 5.7 beta 1.

The vulnerability came down to a single DLL file (DLLs are files used by Windows to access libraries of digital information) that enabled exploiters to use an old component from the defunct ACE archive format. The ACE archive format was last updated in 2007, but WinRAR had decided to continue support for the format until now.

By merely renaming an ACE archive file extension to RAR, WinRAR can be manipulated to extract a malicious program into the computer’s startup folder. Using the exploit, the archive file would appear to decompress and extract itself as usual, while at the same time, in the background, inserting its contents into system folders. Instead of attempting to fix the particular issue, the team at WinRAR has dropped support for ACE archives.
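Because the trick relies on a file name that does not match the file's content, a defender can look for ACE data hiding behind another extension. The sketch below is an added example, not code from the article or from WinRAR; the signature bytes and offsets come from the archive formats themselves, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

ACE_MAGIC = b"**ACE**"   # ACE main-header signature
ACE_MAGIC_OFFSET = 7     # after CRC16 (2), header size (2), type (1), flags (2)
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR 1.5-4.x, RAR 5
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")  # local file header, empty archive

def sniff_archive_type(header: bytes) -> str:
    """Classify an archive by its leading bytes, ignoring the file name."""
    end = ACE_MAGIC_OFFSET + len(ACE_MAGIC)
    if header[ACE_MAGIC_OFFSET:end] == ACE_MAGIC:
        return "ace"
    if header.startswith(RAR_MAGICS):
        return "rar"
    if header.startswith(ZIP_MAGICS):
        return "zip"
    return "unknown"

def find_disguised_ace(root: str) -> list:
    """Return files under root whose content is ACE but whose name is not *.ace."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(32)
            except OSError:
                continue  # unreadable file: nothing to classify
            is_ace = sniff_archive_type(header) == "ace"
            if is_ace and not name.lower().endswith(".ace"):
                hits.append(path)
    return sorted(hits)

def build_demo_tree(root: str) -> None:
    """Write constructed sample files (headers only, no real archive data)."""
    ace_header = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 8
    samples = {
        "invoice.rar": ace_header,                  # ACE content, .rar name
        "legacy.ace": ace_header,                   # honest ACE file
        "photos.rar": RAR_MAGICS[1] + b"\x00" * 8,  # genuine RAR 5 header
        "docs.zip": ZIP_MAGICS[0] + b"\x00" * 8,    # genuine ZIP header
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for hit in find_disguised_ace(tmp):
            print("ACE content behind a non-.ace name:", hit)
```

Pointed at a download or mail-attachment folder, `find_disguised_ace` lists files worth quarantining on machines that still run a WinRAR build older than 5.7 beta 1.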

Archiving files has come a long way since the world of ACE, and most users will find both the RAR and ZIP file formats to be much more effective than their older sibling. The software is still available on the web for anyone who may have older ACE files to extract or compress, but current Windows users using WinRAR will need to move forward in time if they wish to stay with their archive software of choice.

The ACE vulnerability existed for almost 20 years, with over 500 million WinRAR users, without being patched; it practically begs the question, if we all paid for the trial — would this have ever happened?

