When a patch comes out, if at all possible, they need to be applied. While easier said than done, it really comes into play as a 19-year-old code execution vulnerability in the popular WinRAR compression tool is suffering from attacks.
Rarlab reports there are over 500 million users of this program and a patched version, 5.70, released February 26, but attackers are releasing exploits in an effort to reach vulnerable systems before they end up patched, according to a report from McAfee.
“One recent example of an attack piggybacks on a bootlegged copy of Ariana Grande’s hit album “Thank U, Next” with a file name of ‘Ariana_Grande-thank_u,_next(2019)_.rar,’” McAfee researchers Craig Schmugar and Mark Olea said in a post.
“When a vulnerable version of WinRAR is used to extract the contents of this archive, a malicious payload is created in the Startup folder behind the scenes. User Account Control (UAC) does not apply, so no alert is displayed to the user. The next time the system restarts, the malware is run,” the researchers said.
“In the first week since the vulnerability was disclosed, McAfee has identified over 100 unique exploits and counting, with most of the initial targets residing in the United States at the time of writing,” Schmugar and Olea said.