A vulnerability has been discovered in all versions of WinRAR. The flaw allows an attacker to disable one of Windows' main security features, Mark of the Web. This involves adding a warning in the form of metadata to files downloaded from the Internet.
The operating system will then treat the files with caution, fearing that they might hide malware. When you launch a marked file By using a Mark of the Web, Windows warns the user that they are coming from the Internet, that it may be dangerous, and offers to either continue or cancel.
How does the vulnerability bypass Windows security?
As WinRAR explains on its website, the vulnerability allows an attacker to bypass the security warning by using a special link that points to a dangerous file. If a compressed file contains a symbolic link (symlink) pointing to an executable, WinRAR could open it without displaying the usual warning, even if the file comes from the Internet. This is a file type that acts as a shortcut to another file or folder. When you open this link, the system automatically redirects to the target, as if you were directly accessing the original.
As a result, users may not realize that the file is potentially malicious. The flaw can lead to arbitrary code execution on the computer. This is widely used in Unix/Linux systems, but it is also possible on Windows, provided you have administrator rights on the system. The attacker must therefore firsthave administrator access to exploit the vulnerability and carry out the cyberattack.This is why the flaw has a severity score of medium, as indicated by the official repository of computer security vulnerabilities from the MITRE Corporation.
This is not the first vulnerability that results in the disabling of Mark of the Web warnings. Last summer, hackers used a flaw to block SmartScreen, the mechanism that will affix the "Mark of the Web" label on downloaded files.
Install WinRAR version 7.11
To correct this, WinRAR has released a new version of its famous software. WinRAR version 7.11 contains a fix. If you are a WinRAR user, we invite you to install the update without delay.
Source: Winrar
0 Comments