WinRAR or LoseRAR?
A vulnerability has recently been discovered in WinRAR after going undetected for 19 years. It allows files unpacked with WinRAR to be written straight to your Startup folder, meaning malware could be smuggled onto your machine and run the next time you boot up.
Security boffins over at Check Point Research announced that over 500 million users of WinRAR are potentially at risk from this software exploit. The exploit could come into play should a user open a malicious archive, which could have been downloaded from a dodgy website or received in an email.
The specific issue is with unacev2.dll, a DLL that WinRAR uses to parse ACE archives. ACE is a compression format that was created in the 90s and hasn’t actually been updated since 2005. In fact, the last company to create a program that offered ACE archiving did so in 2007 and it shut down a couple of years ago.
So what do you need to do to make sure you can’t be affected by this exploit? Simply make sure WinRAR is updated to at least version 5.70. WinRAR removed the vulnerability in the latest update by dropping ACE support altogether, after realising it would be very difficult to create a fix, considering they do not have access to the source code and… well, no one uses the ACE format anymore anyway!
In their latest patch notes, WinRAR said, “Nadav Grossman from Check Point Software Technologies informed us about a security vulnerability in UNACEV2.DLL library. Aforementioned vulnerability makes possible to create files in arbitrary folders inside or outside of destination folder when unpacking ACE archives.
WinRAR used this third party library to unpack ACE archives. UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users.
We are thankful to Check Point Software Technologies for reporting this issue.”
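The problem the patch notes describe, files created outside the destination folder, is what a containment check on every archive entry name prevents. The sketch below is an added illustration, not WinRAR or UNACEV2.DLL code; `resolve_entry`, `audit`, the destination folder and the sample entry names are all constructed for the example.

```python
import ntpath  # Windows path semantics, importable on any OS


def resolve_entry(dest_dir, entry_name):
    """Return the path an archive entry may be written to, or raise
    ValueError if it would land outside dest_dir."""
    dest = ntpath.normpath(dest_dir)
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    # Drive letters, UNC shares and rooted paths ignore the chosen folder.
    if drive or rest.startswith("\\"):
        raise ValueError("absolute path: %r" % entry_name)
    # Collapse "." and ".." before comparing, as the filesystem would.
    target = ntpath.normpath(ntpath.join(dest, name))
    inside = ntpath.commonpath([dest, target]).lower() == dest.lower()
    if not inside or target.lower() == dest.lower():
        raise ValueError("escapes destination: %r" % entry_name)
    return target


def audit(dest_dir, entry_names):
    """Split entry names into (safe targets, rejected names)."""
    safe, rejected = [], []
    for name in entry_names:
        try:
            safe.append(resolve_entry(dest_dir, name))
        except ValueError:
            rejected.append(name)
    return safe, rejected


# Constructed sample: entry names as they might appear in an archive listing.
DEST = r"C:\Users\alice\Downloads\unpacked"
SAMPLE = [
    r"docs\readme.txt",
    r"docs\..\notes.txt",        # stays inside once ".." is collapsed
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
    r"C:\Windows\Temp\x.exe",    # absolute path with drive letter
    r"\\fileserver\share\x.exe", # UNC path
    "../../x.exe",               # forward-slash traversal
]

if __name__ == "__main__":
    safe, rejected = audit(DEST, SAMPLE)
    for path in safe:
        print("OK     ", path)
    for name in rejected:
        print("REJECT ", name)
```

The check only covers path containment; it does not replace updating WinRAR to 5.70 or later, where the ACE parser is gone entirely.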
With security issues like this going undetected for so many years, it makes you wonder what else could be out there. Maybe hackers know of more that are not in the public domain yet. To make sure your business is prepared for these kinds of attacks, it is essential to have a data backup solution, completely removing the threat from malware and ransomware. Check out Datahive and Veeam to see what suits your company requirements.