On February 20th, researchers at Check Point disclosed a code execution flaw in the popular archive utility WinRAR [1].

In a proof-of-concept exploit, the researchers demonstrated that malicious files opened by the utility could be written to the Windows startup folder and then executed on the next reboot. Available endpoint telemetry across eSentire customers indicates that vulnerable versions of WinRAR are widely deployed. Customers are encouraged to update WinRAR clients or use an alternative archive utility.

What we’re doing about it

  • Detection has been deployed to esENDPOINT sensors

What you should do about it

  • Download and install the latest WinRAR update [2].

  • Use an alternative archiving utility

Additional information

References:

[1] https://threatpost.com/winrar-flaw-500-million-users/142080/

[2] https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=111&cHash=7e2fd80e7b9daad5a224dc7cedbcefcb
