On February 20th, researchers at Check Point disclosed a code execution flaw in the popular archive utility WinRAR.
In a proof-of-concept exploit, the researchers demonstrated that malicious files opened by the utility could be written to the Windows startup folder and then executed on the next reboot. Available endpoint telemetry across eSentire customers indicates that vulnerable versions of WinRAR are widely deployed. Customers are encouraged to update WinRAR clients or use an alternative archive utility.
What we’re doing about it
- Detection has been deployed to esENDPOINT sensors
What you should do about it
- Download and install the latest WinRAR update.
- Use an alternative archiving utility.
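
To support the update step and to check for the behaviour described above (files written to a Startup folder and run at the next reboot), the following PowerShell is an added example, not eSentire's detection logic or code from the original advisory. It inventories installed WinRAR versions and lists Startup-folder files for review. The 30-day window, the `WinRAR*` display-name match, and the assumption that user profiles sit beside the Public profile are assumptions to adjust for your environment.

```powershell
# Added example: inventory WinRAR installs and review Startup-folder contents.
param([int]$Days = 30)   # assumed review window

function Get-WinRarInstall {
    # Uninstall registry keys (64-bit and 32-bit views) describe installed programs.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |   # assumed name pattern
        Select-Object @{n='Computer';e={$env:COMPUTERNAME}}, DisplayName, DisplayVersion
}

function Get-StartupFolderItem {
    param([int]$Days)
    $cutoff = (Get-Date).AddDays(-$Days)
    # All-users Startup folder, plus the per-user Startup folder of every profile.
    $folders = @([Environment]::GetFolderPath('CommonStartup'))
    $profileRoot = Split-Path $env:PUBLIC -Parent   # assumes default profile layout
    $folders += Get-ChildItem $profileRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Join-Path $_.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
        }
    foreach ($folder in ($folders | Where-Object { Test-Path $_ })) {
        Get-ChildItem -Path $folder -File -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Created   = $_.CreationTime
                    Recent    = $_.CreationTime -ge $cutoff   # created inside the window
                    Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                    SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

# Report installed versions first, then Startup items with the newest on top.
Get-WinRarInstall | Format-Table -AutoSize
Get-StartupFolderItem -Days $Days | Sort-Object Created -Descending | Format-List
```

Run it from an elevated prompt so other users' profiles are readable; unsigned, recently created files in a Startup folder are the entries to review first.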