A high-severity security flaw in the widely used Windows-only utility WinRAR (CVE-2023-40477, CVSS score: 7.8) has the potential to allow a threat actor to achieve remote code execution (RCE) on Windows systems.
The vulnerability occurs due to improper validation of user-supplied data while processing recovery volumes. The Zero Day Initiative (ZDI) has issued an advisory, stating that "an attacker can leverage this vulnerability to execute code in the context of the current process." The flaw can be exploited if the user visits a malicious page or opens a malware-laced archive file.
These vulnerabilities don’t happen often, but when they do, attackers take note.
Users are advised to update to the latest version to mitigate potential threats.
Endpoint Security, Vulnerability Management
RARLAB rolled out WinRAR version 6.23 on August 2, 2023, effectively resolving this vulnerability.
Update to the latest version immediately
Do not open any file you received without scanning it for malware first.
As with each new vulnerability, this is a reminder to take note, validate your cyber hygiene, and stay ahead of threat actors.
Implement and test an Incident Response plan; a sample plan can be obtained here.
Reach out to the 24x7x365 Incident Response team at email@example.com
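To act on the update advice, the following PowerShell check flags registered WinRAR installs older than the fixed 6.23 release. It is an added example, not code from RARLAB or the advisory, and it assumes WinRAR registers an uninstall entry whose DisplayName starts with "WinRAR"; the function name `Get-WinRarInstall` is hypothetical.

```powershell
# Added example: report WinRAR installs below the fixed release (6.23).
$FixedVersion = [version]'6.23'

# Standard per-machine (64-bit and 32-bit view) and per-user uninstall keys.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-WinRarInstall {
    # Assumption: the uninstall entry's DisplayName begins with "WinRAR".
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        ForEach-Object {
            # DisplayVersion may carry a suffix (for example a beta tag),
            # so only the leading numeric part is parsed.
            $parsed = $null
            if ("$($_.DisplayVersion)" -match '^\d+(\.\d+){1,3}') {
                $parsed = [version]$Matches[0]
            }

            if (-not $parsed) {
                $status = 'UNKNOWN'      # version missing or unparseable: check by hand
            }
            elseif ($parsed -lt $FixedVersion) {
                $status = 'VULNERABLE'   # older than 6.23: update required
            }
            else {
                $status = 'PATCHED'
            }

            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = $status
            }
        }
}

$found = @(Get-WinRarInstall)
if ($found.Count -eq 0) {
    Write-Output 'No registered WinRAR installation found.'
}
else {
    $found | Format-Table -AutoSize
}
```

Portable or manually copied WinRAR binaries do not create an uninstall entry, so a clean result here does not rule out an unregistered copy on disk.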
1. New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC. (2023, August 21). The Hacker News. https://thehackernews.com/2023/08/new-winrar-vulnerability-could-allow.html
2. RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability (2023, August 17). Zerodayinitiative.com. https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
How can CyberForce|Q services help you address this risk?
Partner with CyberForce|Q: our cybersecurity experts can assist with writing and implementing a patch management system for your organization. Our Incident Response team can also work with you to help develop, implement, and test your incident response plan. Customized tabletop exercises are encouraged for all organizations. Our cutting-edge Security Operations Center is purpose-built to tackle the challenge of monitoring your systems 24x7x365. By leveraging our services, we can help minimize the risk associated with an IT infrastructure security risk, with measurable results.