WinRAR: Important Security Update

21.08.23

Threat Intelligence Alerts

WinRAR, a widely used file archiving software, has addressed a significant security concern. Here’s a concise breakdown:

The Vulnerability:

A technical flaw, labelled as CVE-2023-40477, was detected in WinRAR. If exploited, this flaw could allow malicious individuals to compromise a user’s system upon opening a manipulated WinRAR file.

Extent of Risk:

With millions of WinRAR users globally, the potential risk was significant. However, you are safeguarded from this vulnerability if you’ve recently updated your WinRAR software. Those who haven’t are advised to do so immediately.

Discovery:

This vulnerability was identified by ZeroDayInitiative, credited to a user named ‘goodbyeselene’, on 8th June 2023. As of now, no malicious exploitation of this flaw has been reported, but vigilance remains crucial.

Technical Overview:

The issue originated from WinRAR not adequately scrutinising the files users opened. However, it’s worth noting that for any potential compromise, the user must proactively open a malicious file. Given this condition, the severity was rated 7.8 out of 10, where ten is the most severe.

Safety Measures:

Given WinRAR’s extensive user base, it’s paramount to exercise caution. Before opening any file with WinRAR, ensure it originates from a trusted source. Running an antivirus check on files before opening is also recommended.

Remediation:

WinRAR released a corrective update on 2nd August 2023 to address this flaw. All users are advised to ensure their software is updated to this latest version to be secure.

Related Links: