Last month, a 19-year-old bug was discovered in WinRAR. This software uses many PC users to extract ZIP files and other files on their computer. While the company was quick to fix the problem, users need to update their software to be safe – and many have not.
Here is the deal after WinRAR:
WinRAR has always done well known for its wide support of all popular compression formats. A recent report from Check Point Software uncovered a potential security vulnerability in the UNACEV2.DLL library used in previous versions of WinRAR to decompress ACE archives. So far, no attacks have been reported. However, to give WinRAR users a stable and clean version, the final release of WinRAR 5.70 has been released. Since UNACEV2.DLL has not been updated since 2005 and source code access is not available, it has been decided to discontinue support for ACE archives as of WinRAR 5.70. After starting the final and stable release of WinRAR 5.70, an immediate upgrade to the new version 5.70 is strongly recommended.
For users who are not interested in an upgrade or do not find a localized version of WinRAR 5.70 However, win.rar GmbH recommends that you delete the file UNACEV2.DLL from your current WinRAR version in order to be reliably protected again. All users of WinRAR 5.10 or later can find the file UNACEV2.DLL in the program folder of WinRAR. WinRAR users older than 5.10 can find the UNACEV2.DLL file in the Formats subfolder of the WinRAR program.
According to McAfee, there are more than 100 unique exploits that can occur because of the error, including hackers. You can extract a malicious file into your computer's Startup folder that automatically runs the next time you restart the computer. Not ideal.
Fortunately, there's a quick and easy way to protect yourself from the bug and all the nefarious things that might go with it: Update the software.
You want to have WinRAR version 5.70. You will find it here. If you are a WinRAR user, make sure you are up to date!