RARLAB has addressed a severe security flaw in the widely-used file compression software, WinRAR. This flaw could allow hackers to execute commands on a Windows PC by merely opening a malicious compressed file. Users of the software are urged to update to version 6.23 or newer without delay.
The bug was spotlighted by security researcher goodbyeselene on the Zero Day Initiative (ZDI), as reported by Bleeping Computer. ZDI, run by antivirus software company Trend Micro, offers financial rewards to security researchers for reporting critical vulnerabilities.
According to ZDI's log, the WinRAR defect permitted "remote attackers to execute arbitrary code on affected installations" of the software. The log emphasizes that users are at risk only if they open a malicious file or visit an unsafe webpage. However, this is not an unlikely scenario, as RAR is one of the most common formats for compressed files.
When downloading software, music, games, or movies from unknown sources, they may be packaged as RAR files. Malicious attackers could craft these files to exploit this vulnerability and infect a PC. The only certain solution to this issue is to update WinRAR immediately. RARLAB has acknowledged and fixed this problem, so there's no reason to postpone this latest software update.
Interestingly, many PC users may not need WinRAR in the near future. Windows 11 will soon provide native support for RAR archives, allowing users to create and extract RAR files without installing WinRAR. This feature is already available on Windows Insider builds of the operating system, which users can register for on the designated page.
It's essential to note that Insider builds of Windows are intended for testing upcoming features and should not be considered a substitute for stable versions of the OS. These builds might contain significant bugs that could affect the use of a PC. Users should be aware of the risks and back up essential data before installing these builds.
Windows 11's support for RAR files includes basic features suitable for most users, but advanced users who create many RAR archives may still prefer to use WinRAR. If WinRAR is installed, users should update to version 6.23 or newer versions of the software.