Attention! Update WinRAR immediately on your Windows PC


You should update WinRAR on your PC because there’s a new known vulnerability in town. It’s called CVE-2023-38831, and here’s what it means.

Google’s Threat Analysis Group (TAG) has apparently spotted the vulnerability, used by multiple hacking groups, and it could put your WinRAR app in danger.

Cybercrime groups began exploiting the vulnerability in early 2023 when the bug was still unknown to defenders. A patch is now available, but many users still seem to be vulnerable.

Attackers can run any code they want on your computer by getting you to open a harmless file (like a PNG image) inside a ZIP archive through the popul. This is because of a bug in Windows that happens when you try to open a file with a name that has spaces in it.

“When a user double-clicks on a benign ‘poc.png_’ (underscore is used to indicate a space) from WinRAR’s user interface, WinRAR prior to 6.23 will instead execute ‘poc.png_/poc.png_.cmd’,” Google’s update reads.
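For defenders who want to triage archives already sitting in mailboxes or download folders, the following added example (not code from Google's report or from this article) flags ZIP entry lists where a file's name is also used as a folder holding an executable that begins with the same name, which is the layout the quote describes. The function names and the extension list are assumptions made for illustration.

```python
import os
import zipfile

# Extensions treated as directly executable on Windows (assumed, not exhaustive).
EXEC_EXTS = {".cmd", ".bat", ".exe", ".com", ".pif", ".scr", ".lnk", ".vbs", ".js"}


def find_lure_collisions(names):
    """Return sorted (lure_file, payload) pairs from a list of archive entry names.

    A hit is a file entry whose full name is also used as a folder, where that
    folder holds an executable whose name begins with the lure's own name.
    """
    files = set()
    children = {}  # folder path -> names of files directly inside it
    for raw in names:
        name = raw.replace("\\", "/")
        if name.endswith("/"):
            continue  # explicit folder entry; folders are inferred from file paths
        files.add(name)
        parent, _, base = name.rpartition("/")
        children.setdefault(parent, []).append(base)

    hits = []
    for lure in files:
        lure_base = lure.rpartition("/")[2].lower()
        for child in children.get(lure, []):
            # Ignore trailing spaces when reading the extension.
            ext = os.path.splitext(child.rstrip())[1].lower()
            if child.lower().startswith(lure_base) and ext in EXEC_EXTS:
                hits.append((lure, f"{lure}/{child}"))
    return sorted(hits)


def scan_archive(source):
    """Scan a ZIP given as a filesystem path or a binary file object."""
    with zipfile.ZipFile(source) as zf:
        return find_lure_collisions(zf.namelist())


if __name__ == "__main__":
    # Constructed entry list mirroring the names in Google's quote above.
    sample = ["poc.png ", "poc.png /", "poc.png /poc.png .cmd", "notes.txt"]
    for lure, payload in find_lure_collisions(sample):
        print(f"suspicious: {lure!r} shadows {payload!r}")
```

A hit is a reason to quarantine the archive for review; an empty result does not replace updating WinRAR to 6.23 or later.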

You can update your WinRAR app from its official website.
