If you haven't updated WinRAR in the past few weeks, do so now

Daniel Sims

PSA: If your WinRAR installation is older than version 6.23, released in August, you should update the software as soon as possible. The latest version patches a vulnerability that has been known for months. Recent reports indicate that state-backed hackers are actively exploiting it, increasing the urgency of the situation.

Google reports that malicious actors linked to the Russian and Chinese governments have recently initiated cyberattack campaigns using a WinRAR vulnerability that was addressed in August. Users who have not updated the popular file archiving program since then remain vulnerable.

The Zero Day Initiative discovered the issue, a buffer overflow problem caused by insufficiently validated data, in June. This could potentially allow attackers to access a target's memory and remotely execute code. An attack would be triggered when a user double-clicks on an archive to open WinRAR and then double-clicks an embedded file to access it without unpacking the archive. Security company Group-IB stated that cybercriminals have been exploiting this vulnerability to target the financial sector since at least April.

WinRAR version 6.23 fixed the flaw, but the software does not update automatically. Users need to locate and download the patch themselves. The latest version, 6.24, was released earlier this month and includes a couple of new bug fixes.

According to Google, groups connected to the Chinese government used compromised ZIP files in a phishing campaign targeting Papua New Guinea in late August. Since September, groups linked to the Russian military's GRU service have utilized the old vulnerability to distribute malware in multiple phishing campaigns targeting Ukrainians.

WinRAR has long been considered an almost essential third-party download due to its ability to compress and unpack file archive formats like RAR, particularly since Windows has traditionally only supported ZIP. Its technically limited but functionally unlimited free trial period has become a meme among PC users, which has contributed to the software's widespread use over the years.

However, the era of installing WinRAR or similar programs in new Windows installations may soon come to an end. The latest major update for Windows 11, version 23H2, introduces native support for alternative archive formats like RAR, 7-Zip, TAR, and GZ. Microsoft began rolling out the new version in late September.

Windows 10 users or those who have not updated Windows 11 to version 23H2 also have other options for handling compressed files, such as WinZip and 7-Zip. Researchers have not discovered any serious vulnerabilities in those tools recently.
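Because WinRAR does not update itself, the practical check is an inventory audit against the 6.23 threshold. The sketch below is an added example, not part of the original story: the CSV layout (`host`, `name`, `version`), the host names and the sample rows are constructed for illustration.

```python
import csv
import io
import re

FIXED = (6, 23)  # first WinRAR release with the fix, per the article

# Constructed sample export from a software inventory (not real data).
SAMPLE_INVENTORY = """host,name,version
ws-014,WinRAR 6.11 (64-bit),6.11.0
ws-022,WinRAR 6.23 (64-bit),6.23.0
ws-031,7-Zip 23.01 (x64),23.01
ws-047,WinRAR 5.91 (32-bit),5.91.0
ws-052,WinRAR 6.24 (64-bit),6.24.0
ws-060,WinRAR archiver,
ws-071,WinRAR 6.02 (64-bit),6.02.0
"""

def parse_version(text):
    """Return (major, minor) as integers, or None if no version is present."""
    m = re.search(r"(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit(csv_text, fixed=FIXED):
    """Classify every WinRAR row as 'outdated', 'ok' or 'unknown'."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if "winrar" not in row["name"].lower():
            continue  # other archivers are out of scope for this check
        # Prefer the version column; fall back to the product name.
        version = parse_version(row["version"]) or parse_version(row["name"])
        if version is None:
            status = "unknown"   # no version recorded: needs a manual look
        elif version < fixed:    # tuple compare, so 6.02 < 6.11 < 6.23
            status = "outdated"
        else:
            status = "ok"
        findings.append((row["host"], version, status))
    return findings

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {version!s:10} {status}")
```

Rows with no recorded version are reported as `unknown` rather than silently passed, since an install that cannot be versioned still has to be checked by hand.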


 
7-zip is a thing; no reason to have RAR installed at this point.
Exactly, no constant nagging and works just as well, you could even argue 7z is better as a compression format than rar, but when at the end of the day, most people will just use either to make zips, what's the point in having a version that is more annoying and clunky?
 
I note Windows has been able to natively open/create .zip archives for a few versions now.
 
7-Zip is also what I use as default for opening all sorts of compressed files.

I still have a very old version of WinRAR installed though, because I really like using it to build .rar files in RAR3 format (since RAR3 is compatible with pretty much everything, and the newer RAR5 doesn't bring any significant advantages to compression ratios)

Huh? Windows had native support for opening and creating .zip archives for a veeery long time! I'm not sure when it was introduced but I think it was in XP or Vista. I personally always preferred using third-party applications because I never liked the way Windows integrates .zip files in Explorer, treating them as folders, though I understand it probably simplifies things for basic users who are not very computer literate.

Even with Windows adding native support for other compression formats, I'll probably keep using 7-zip for this same reason. If I ever migrate to W11 that is.
 
The latest Windows 11 update has native support for 7z and RAR file formats
 
"past few weeks"
Fun anecdote: I used to get an occasional damaged archive error. Thought it was a network error. One time I got so annoyed that I got a file editor to see what was wrong with the archives; not even RAR repair tools could find anything. Opened the archive, found descriptors, everything, but WinRAR still didn't want to open it. Now I got the damaged archive error again. Tried 7-Zip, and who would know, it opened it! Hmmm, maybe my 15-year-old WinRAR install was outdated?? Nah!
 
I'm old enough to have played around with 1.44MB floppy disks, and back in the day, RAR for DOS was superior to ZIP with regard to compression strength.

Let's just say that RAR was able to compress stuff even better than ZIP would back in the day. 7-Zip is far more popular now, esp. over Usenet and its parity, but I still stick with RAR.

 

Updating your software regularly, including applications like WinRAR, is a good practice for maintaining security and accessing the latest features and bug fixes.
 