Potentially malicious WinRAR vulnerability patched after almost 20 years

WinRAR is a powerful archival tool that has been available for the past 23 years, allowing users to unpack and create RAR, ZIP, and other archive files. Recently, security researchers at Check Point Software Technologies discovered a vulnerability that could allow malicious individuals to take advantage of machines running the software, implanting startup programs without any authorization from the user.

Most people who used WinRAR around the turn of the century likely remember the software for its 40-day trial, which could easily be bypassed to allow continuous use after the initial trial period. WinRAR still exists today, which is why the company quickly patched its software after learning about the vulnerability, adding a fix in version 5.7 beta 1 for an update that is long overdue.

The dangerous vulnerability came down to a single DLL file (DLLs are files used by Windows to access libraries of digital information) that enabled exploiters to use an old component from the defunct ACE archive format. The ACE archive format was last updated in 2007, but WinRAR had decided to continue support for the format until now.

By merely renaming an ACE archive's file extension to RAR, WinRAR can be manipulated to extract a malicious program into the computer's startup folder. Using the exploit, the archive file would appear to decompress and extract itself as usual while, in the background, inserting its contents into system folders. Rather than attempting to fix the particular issue, the team at WinRAR has dropped support for ACE archives.
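Because the trick described above relies on an ACE file carrying a `.rar` name, a defender can flag it by comparing file content with the extension. The following is an added example, not code from the article, Check Point, or WinRAR; the file signatures are well-known format markers rather than details from this page, and the sample files are constructed headers, not real archives.

```python
import os
import tempfile

# Well-known file signatures (not taken from the article).
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR4, RAR5
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")
ACE_MAGIC, ACE_OFFSET = b"**ACE**", 7  # marker follows 7 header bytes


def sniff_format(header: bytes) -> str:
    """Identify the archive format from leading bytes, ignoring the name."""
    if header.startswith(RAR_MAGICS):
        return "rar"
    if header.startswith(ZIP_MAGICS):
        return "zip"
    if header[ACE_OFFSET:ACE_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC:
        return "ace"
    return "unknown"


def find_disguised_ace(directory: str) -> list:
    """Return paths whose content is ACE but whose extension is not .ace."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                header = fh.read(16)
            ext = os.path.splitext(name)[1].lower()
            if sniff_format(header) == "ace" and ext != ".ace":
                hits.append(path)
    return sorted(hits)


def demo() -> list:
    """Scan constructed sample files (headers only, not real archives)."""
    samples = {
        "invoice.rar": b"\x00" * 7 + b"**ACE**" + b"\x00" * 8,  # ACE renamed to .rar
        "backup.rar": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 8,    # genuine RAR5 signature
        "old.ace": b"\x00" * 7 + b"**ACE**" + b"\x00" * 8,      # honestly named ACE
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_disguised_ace(tmp)]


if __name__ == "__main__":
    print(demo())
```

The check looks for the ACE marker only at its usual offset at the start of the file, so it is a triage filter for mail gateways or download folders rather than a full format parser.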

Archiving files has come a long way since the world of ACE, and most users will find both the RAR and ZIP file formats to be much more effective than their older sibling. The software is still available on the web for anyone who may have older ACE files to extract or compress, but current Windows users using WinRAR will need to move forward in time if they wish to stay with their archive software of choice.

The ACE vulnerability went unpatched for almost 20 years, across more than 500 million WinRAR users. It practically begs the question: if we all paid for the trial, would this have ever happened?

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…