Skip to main content
  1. Home
  2. Computing
  3. News

Potentially malicious WinRAR vulnerability patched after almost 20 years

Michael Archambault
By

WinRAR is a powerful archival tool that has been available for the past 23 years, allowing users to unpack and create RAR, ZIP, and other archive files. But recently, a collection of security researchers at Check Point Software Technologies have discovered that a vulnerability that could allow malicious individuals to take advantage of users’ machines running the software, implanting startup programs without any needed authorization from the user.

Most users who had used WinRAR around the turn of the century most likely remember the software for its 40-day trial that could easily be bypassed — allowing for continuous use after the initial trial period. WinRAR still exists today, which is why the company quickly patched its software after learning about the vulnerability, adding a fix in version 5.7 beta 1 for an update that is long overdue.

Recommended Videos

The exact details of the dangerous vulnerability came down to a single DLL file — files used by Windows to access libraries of digital information  — that enabled exploiters to use an old component from the defunct ACE archive format. The ACE archive format was last updated in 2007, but WinRAR had decided to continue support for the format until now.

By merely renaming an ACE archive file extension to RAR, WinRAR can be manipulated to extract a malicious program into the computer’s startup folder. Using the exploit, the archive file would appear to decompress and extract itself as usual, while at the same time, in the background, inserting its contents into system folders. Instead of attempting to fix the particular issue, the team at WinRAR have instead dropped support for ACE archives.

Archiving files has come a long way since the world of ACE, and most users will find both the RAR and ZIP file formats to be much more effective than their older sibling. The software is still available on the web for anyone who may have older ACE files to extract or compress, but current Windows users using WinRAR will need to move forward in time if they wish to stay with their archive software of choice.

The ACE vulnerability existed for almost 20 years, with over 500 million WinRAR users, without being patched; it practically begs the question, if we all paid for the trial — would this have ever happened?

Topics
Michael Archambault
Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
This HP laptop is discounted from $519 to $279
HP 14 laptop with intel Celeron on desk.

There are laptop deals for top-of-the-line machines, but if you only need a basic device for your day-to-day needs, don't spend more than you should by taking advantage of Walmart's offer for the HP 14-inch Laptop. Instead of $519, you'll only have to pay $279 for savings of $240. That's an extremely affordable price for a brand new laptop, but we don't think it will last long. To make sure that you don't miss out on the discount, it's highly recommended that you proceed with the transaction as soon as possible.

Why you should buy the HP 14-inch Laptop
The HP 14-inch Laptop will never be able to match up to the speed of the best laptops, which is expected because of its price. However, if you're thinking about using the device for simple tasks like browsing the internet, watching streaming shows, and typing documents, then its 13th-generation Intel Core i3-N305 processor, integrated Intel UHD Graphics, and 8GB of RAM will be enough. The laptop also ships with Windows 11 Home pre-installed in its 256GB SSD, for an operating system that will be familiar for most people.

Read more
How to connect a keyboard and mouse to the Steam Deck
Steam Deck with Keyboard.

One of the best features of the Steam Deck is its varied controls, from face buttons, to joysticks, to touch controls. But there's never a substitute for a full size keyboard and mouse, and fortunately, you can connect them straight to the Steam Deck. It supports wired and wireless connections, although you'll need a USB hub if you want to use a USB connection.

Read more
This ultra-portable Lenovo 2-in-1 laptop is discounted from $649 to $199
lenovo 500w 2 in 1 laptop deal april 2024 classroom

For super cheap laptop deals, take a look at Lenovo right now. You can pay just $199 and get a Lenovo 500w 2-in-1 laptop. According to Lenovo’s estimated value system, the laptop normally costs $649 which is potentially a little overly optimistic but what we do know is that $199 for a 2-in-1 laptop is incredibly cheap. If you simply want an inexpensive laptop for basic typing of documents or web browsing, you’ll be happy with the Lenovo 500w 2-in-1 laptop. Here’s all we know about it.

Why you should buy the Lenovo 500w 2-in-1 Laptop
The Lenovo 500w 2-in-1 laptop keeps things simple with its hardware but you know you’re in safe hands as Lenovo is one of the best laptop brands. Here, you get an Intel Pentium Silver N6000 processor along with 8GB of memory and 128GB of SSD M.2 storage. At this price, we’re delighted to see 8GB of memory rather than 4GB and also the use of an SSD instead of eMMC. Such additions means the Lenovo 500w 2-in-1 laptop will be a little speedier than other laptops in this price range.

Read more