TechSpot means tech analysis and advice you can trust. Read our ethics statement.
WinRAR is easily one of the most downloaded pieces of software in history. If you ask Windows users on almost any corner of the internet if they've heard of the file compression utility, the answer will most likely be a resounding yes.
Unfortunately for all of those users, the software has contained a serious security bug for the better part of 19 years. The bug theoretically allows tech-savvy attackers to "execute malicious code" when a "booby-trapped" file is opened.
According to Check Point researchers, this bug is the result of a flaw that was nestled deep within WinRAR's UNACEV2.dll code library, which hasn't been actively used since 2005.
Put simply, the flaw allowed security researchers to drop a malicious file directly into Windows' startup folder while bypassing the need to run WinRAR with elevated privileges.
This means that, upon the next reboot, the file was able to run automatically, giving the researchers in question "full control" over a test victim's computer.
According to the researchers, this flaw could have put over 500 million users at risk over the years. Check Point says WinRAR decided to end support for the ACE archive format – which paved the way for the flaw – entirely last month, while simultaneously dropping the UNACEV2.dll file from the software.
So, in short, this issue is fixed, but only if you're running the latest test version of WinRAR: 5.70 beta 1.
It's important to note that simply visiting WinRAR's website and clicking the download button is not sufficient to resolve this issue; doing so will give you version 5.61. Instead, you'll need to visit this link to download the appropriate version.
Not sure if you're running the correct version? Simply boot up WinRAR, open the "Help" drop-down menu in the top right corner, and then select "About WinRAR" - the version information should be present there.
Image courtesy Check Point