WinRAR is one of those long-standing applications that we’ve been using for longer than we can remember and are generally one of the first things we install on a new system (or reinstall, of course). It is true that its use today is not as frequent as it might have been before… well, I won’t say many years, lest it sound (recurring) like Grandpa’s battles, because there was a time when It was the strangest thing to find a Windows computer that didn’t have WinRAR installed.

Nowadays, although less common, It is still a widely used applicationalthough it is true that Microsoft’s plans to add native support for the RAR format in Windows 11 will certainly significantly limit its presence, although it is true that, as with other compression formats supported by Windows, the application for managing these types of files usually offers much more in this regard options.

Common (and of course logical) is that the level of interaction with the application itself is usually very low. During its installation, WinRAR will add, if the user allows it, items in the Windows context menu, which allow you to compress and decompress files directly from your desktop and file explorer. It’s true, yes, apps usually offer more features, but the needs of mere mortals boil down to compressing and decompressing files.

So, with the addition that this is a program that we do not normally open, and that it also does not have an automatic update function, nor does it have a current version check directly in the application (it is necessary to click on Help > Support and Updates to open a website with information about it), The most common is to find outdated installationswhich sometimes raises security issues, because although Rarlab fixes problems found in WinRAR with updates, many users are unable to use them.

So as we can read in Bleeping Computer, several state cybercrime and cyberespionage groups are actively exploiting the WinRAR vulnerability. The discovery is attributed to the Google Threat Analysis Group (TAG) and the vulnerability they are exploiting is identified as CVE-2023-38831, which was originally published under the parameters of responsible dissemination last August.

Rarlab published on time, updated version that fixes this vulnerability, 6.23but as I already indicated, there are many users who are using outdated versions, and since the complete vulnerability has already been published, cybercriminals could start using it much more actively, although the report that we can read in Incibe points out that the Vulnerability began to be exploited in April this year.