What is the problem?

Why you need to update WinRAR now.
Multiple government backed hacking groups are exploiting a known vulnerability CVE-2023-38831 which allows attackers to execute arbitrary code (RCE) on a target system.

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file.

What is WinRAR?

WinRAR is a trialware file archiver utility for Windows which can create and view archives in RAR or ZIP file formats and unpack numerous archive file formats. According to the WinRAR website, over 500 million users worldwide make WinRAR the world’s most popular compression tool today.

Google’s Threat Analysis Group (TAG) has published the following comments:

A patch is now available, but many users still seem to be vulnerable,” says TAG in a blog post detailing the WinRAR exploit. “TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations.

This is not the first time that this popular compression utility has been a concern. With the latest significant vulnerability reported back in 2019 regarding a remote code execution exploit.

Unfortunately, we still must test our Rich-text-formatted (RTF) files month as well. This follows on from another popular utility: Notepad++’s vulnerabilities include  CVE-2023-40031CVE-2023-40036CVE-2023-40164 and CVE-2023-40166.

Given these ongoing third part application issues and need for rapid patching, updates and re-publishing there is a definite need for:

  • A rapid 3rd party vulnerability assessment solution
  • Automated Repackaging
  • Automated Testing
  • Automated QA and documentation
  • Automated Publishing (to Microsoft Intune or SCCM)

There is only one company that can deliver that: Readiness with the Assurance application ownership plan.

A monthly, application charge gives you flexibility, control, and rapid response to ongoing application management threats.

Find out more here: Assurance Unbound

Greg Lambert