Security advisories | Feb 27, 2019

WinRAR Code Execution Flaw

On February 20th, researchers at Check Point disclosed a code execution flaw in the popular archive utility WinRAR [1].

In a proof-of-concept exploit, researchers demonstrated that a malicious file opened by the utility could be written to the Windows Startup folder and then executed on the next reboot. Available endpoint telemetry across eSentire customers indicates vulnerable versions of WinRAR are widely deployed. Customers are encouraged to update WinRAR clients or use an alternative archive utility.

What we’re doing about it

  • Detection has been deployed to esENDPOINT sensors.

What you should do about it

  • Download and install the latest WinRAR update [2].

  • Use an alternative archiving utility.
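For teams that want to look for the behaviour described above in their own telemetry (an archive utility creating a file inside a Windows Startup folder), the following is an added example and is not eSentire's detection or code from the original advisory. The event field names (`action`, `process`, `target_path`, `host`) and the sample events are constructed assumptions.

```python
import ntpath

# Path fragment shared by the per-user and all-users Startup folders.
STARTUP_FRAGMENT = "\\microsoft\\windows\\start menu\\programs\\startup\\"
# Process names treated as archive utilities (assumption; extend as needed).
ARCHIVERS = {"winrar.exe"}

def normalize(path):
    """Lower-case, use backslashes, and collapse '..' segments."""
    return ntpath.normpath(path.replace("/", "\\")).lower()

def is_startup_write(event):
    """True when an archive utility created a file inside a Startup folder."""
    if event.get("action") != "file_create":
        return False
    image = ntpath.basename(normalize(event.get("process", "")))
    target = normalize(event.get("target_path", ""))
    return image in ARCHIVERS and STARTUP_FRAGMENT in target

def find_startup_writes(events):
    """Return the events that match, in their original order."""
    return [e for e in events if is_startup_write(e)]

STARTUP = r"AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
WINRAR = r"C:\Program Files\WinRAR\WinRAR.exe"

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-01", "action": "file_create", "process": WINRAR,
     "target_path": r"C:\Users\alice\Downloads\docs\readme.txt"},
    {"host": "ws-02", "action": "file_create", "process": WINRAR,
     "target_path": "C:\\Users\\alice\\" + STARTUP + "\\update.exe"},
    # Same destination, reached through '..' segments in the recorded path.
    {"host": "ws-03", "action": "file_create", "process": WINRAR,
     "target_path": "C:\\Users\\bob\\Downloads\\a\\..\\..\\" + STARTUP + "\\helper.exe"},
    # A non-archiver writing to Startup is out of scope for this check.
    {"host": "ws-04", "action": "file_create", "process": r"C:\Windows\explorer.exe",
     "target_path": "C:\\Users\\carol\\" + STARTUP + "\\notes.lnk"},
    {"host": "ws-05", "action": "process_start", "process": WINRAR,
     "target_path": ""},
]

if __name__ == "__main__":
    for hit in find_startup_writes(SAMPLE_EVENTS):
        print(hit["host"], hit["target_path"])
```
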

Additional information

References:

[1] https://threatpost.com/winrar-flaw-500-million-users/142080/

[2] https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=111&cHash=7e2fd80e7b9daad5a224dc7cedbcefcb