Last month a 19-year-old bug was discovered in WinRAR, the software many PC users use to extract .zip and other files on their computer. While the company was quick to patch the bug, that match requires users to update their software in order to be safe — and a lot of people haven’t yet.
Here’s the deal according to WinRAR:
WinRAR has always been known for its wide support of all popular compression formats. A recent report by Check Point Software revealed a potential security vulnerability in the UNACEV2.DLL library, which was used in former versions of WinRAR to decompress ACE archives. There haven’t been any reported attacks so far, but to provide WinRAR users with a stable and clean version, the final version of WinRAR 5.70 has been released. Since UNACEV2.DLL had not been updated since 2005 and access to its source code is not available, the decision was made to drop ACE archive support starting with WinRAR 5.70. Now, after the launch of the final and stable version of WinRAR 5.70, upgrading immediately to the new 5.70 version is highly recommended.
To users who are not interested in an upgrade or who don’t find a localised version of WinRAR 5.70 yet, win.rar GmbH’s advice is to delete the UNACEV2.DLL file from their current WinRAR version to be reliably protected again. All users of WinRAR 5.10 or any newer version can find the UNACEV2.DLL file in the WinRAR program folder. WinRAR users of versions older than 5.10, can find the UNACEV2.DLL file in the Formats subfolder of the WinRAR program.
According to McAfee, there are more than 100 unique exploits that can occur thanks to the bug, including one where hackers can extract a malicious file onto your computer’s startup folder that will automatically run the next time the computer is rebooted. Not ideal.
Luckily, there’s a quick and easy way to protect yourself against the bug and all the nefarious things that potentially come along with it: just update the software.
You want to have WinRAR version 5.70. You can find it here. If you’re a WinRAR user make sure yours is up to date now!