Last month, a 19-year-old bug was discovered in WinRAR, the software that many PC users use to extract .zip and other files on their computers. While the company quickly fixed the bug, that match requires users to update their software to be safe – and many people have not yet done so.
Here's the deal according to WinRAR:
WinRAR has always been known for its broad support for all popular compression formats. A recent report from Check Point Software revealed a potential security issue in the UNACEV2.DLL library, which was used in earlier versions of WinRAR to decompress ACE archives. There have been no reports so far, but to provide a stable and clean version to WinRAR users, the final version of WinRAR 5.70 has been released. Since UNACEV2.DLL has not been updated since 2005 and access to source code is not available, it was decided to ignore support for ACE archives, starting with WinRAR 5.70. Now, after the launch of the latest and stable version of WinRAR 5.70, an upgrade to the new 5.70 version is highly recommended.
For users who are not interested in an upgrade or who have not yet found a localized version of WinRAR 5.70, the advice of win.rar GmbH is to remove the UNACEV2.DLL file from their current WinRAR version to be reliably protected again . All users of WinRAR 5.10 or any newer version can find the UNACEV2.DLL file in the WinRAR program folder. WinRAR users of versions older than 5.10 can find the UNACEV2.DLL file in the Formats subfolder of the WinRAR program.
According to McAfee, there are more than 100 unique exploits that can occur thanks to the bug, including a bug that allows hackers to extract a malicious file to your computer's boot folder, which will run automatically the next time the computer is restarted. Not ideal.
Fortunately, there is a quick and easy way to protect yourself against the bug and all the nefarious things that may be added: just add the software.
You want to have WinRAR version 5.70. You can find it here. If you are a WinRAR user, make sure that yours is now up-to-date!