Attention! Update WinRAR immediately on your Windows PC


You should update WinRAR on your PC because there’s a new known vulnerability in town. It’s called CVE-2023-38831, and here’s what it means.

Google’s Threat Analysis Group (TAG) has apparently spotted the vulnerability being used by multiple hacking groups, and it could put your WinRAR app in danger.

Cybercrime groups began exploiting the vulnerability in early 2023 when the bug was still unknown to defenders. A patch is now available, but many users still seem to be vulnerable.

Attackers can run any code they want on your computer by getting you to open a harmless file (like a PNG image) inside a ZIP archive through the popul. This is because of a bug in Windows that happens when you try to open a file with a name that has spaces in it.

“When a user double-clicks on a benign ‘poc.png_’ (underscore is used to indicate a space) from WinRAR’s user interface, WinRAR prior to 6.23 will instead execute ‘poc.png_/poc.png_.cmd’,” Google’s update reads.
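The layout in Google's description can be looked for in an archive's list of entry names before anyone opens it. The following is an added example, not code from Google or MSPoweruser; the function names and the sample name lists are constructed for illustration, and it flags only this one pairing of a trailing-space file with a same-named folder.

```python
import zipfile

# Constructed sample name lists (not taken from a real archive).
SAMPLE_NAMES = ["poc.png ", "poc.png /", "poc.png /poc.png .cmd", "readme.txt"]
BENIGN_NAMES = ["photo.png", "docs/photo.png", "draft ", "draft.bak/draft .cmd"]


def find_decoy_pairs(names):
    """Return (decoy, payload) pairs: a file whose name ends in a space, plus a
    file inside a same-named folder whose own name starts with the decoy name."""
    files = [n for n in names if not n.endswith("/")]  # skip directory entries
    pairs = []
    for decoy in files:
        if not decoy.endswith(" "):
            continue
        # Compare in lower case because Windows treats names case-insensitively.
        folder = decoy.lower() + "/"
        base = decoy.lower().rsplit("/", 1)[-1]
        for other in files:
            low = other.lower()
            if not low.startswith(folder):
                continue
            child = low[len(folder):]
            # Direct child only, named like the decoy plus an extra extension.
            if "/" not in child and child.startswith(base) and len(child) > len(base):
                pairs.append((decoy, other))
    return sorted(pairs)


def scan_zip(source):
    """List a ZIP's entry names (path or file object) and check them."""
    with zipfile.ZipFile(source) as archive:
        return find_decoy_pairs(archive.namelist())


if __name__ == "__main__":
    for decoy, payload in find_decoy_pairs(SAMPLE_NAMES):
        print(f"suspicious: {decoy!r} is shadowed by {payload!r}")
```

`scan_zip` only reads the archive's name list and never extracts anything, so it can be run on a downloaded file as a pre-open check.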

You can update your WinRAR app from its official website.
