WinRAR security flaw ignores Windows Mark of the Web security warnings

Date: 2025-04-06


Don't worry–it's been patched now, but old versions will remain vulnerable.

WinRAR bag
(Image credit: tern_et, via X)

WinRAR has been a staple in the PC community for decades, offering the ability to compress data into compact files for easier transfer. With that, however, comes the occasional security concern, and today we have an example of just such a situation. Reports have begun to circulate highlighting an issue in all but the latest edition of WinRAR that enables software to execute without the Windows Mark of the Web (MotW) security warning pop-ups.

If you aren't familiar with the MotW warnings, you might recognize them as the pop-ups that warn you against running strange software from the internet. The pop-up typically includes a blurb explaining that it's dangerous to execute applications downloaded from unfamiliar sources, and offers both an option to continue regardless and an option to cancel the operation entirely. This system can apparently be skipped over entirely in older versions of WinRAR, making for a greater security risk.

The official release notes for version 7.11 confirm that this vulnerability has been nullified and go on to detail the fixed issue. The notes state, "if symlink pointing at an executable was started from WinRAR shell, the executable Mark of the Web data was ignored." As long as you update to the latest version, this security flaw shouldn't be an issue.

WinRAR confirmed that the security flaw was identified by Shimamine Taihei of Mitsui Bussan Secure Directions, Inc. The concern was reported directly to the WinRAR team, who were able to tackle the issue and resolve it by the time version 7.11 was released. The report described the issue as follows: "If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed."

It's important to note that while this security flaw requires users to manually open links to initiate potential attacks, it still increases the security risk by skipping the pop-up Windows warning system entirely. The MotW system is just an extra layer that warns users before they execute suspicious code, to help stop malware from automatically propagating, but its pop-ups can be a crucial step in mitigating the spread of unwanted software. It's best to update WinRAR to the latest version to avoid any potential mishaps going forward.
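The check the 7.11 release note describes as missing can be sketched as follows. This is an added example, not WinRAR's code or part of the original article: it resolves a symlink to its target and reads the target's mark, assuming the mark is stored in the NTFS `Zone.Identifier` alternate data stream (a Windows detail the article does not spell out); all function names and the sample data are constructed for illustration.

```python
import configparser
import os

# Constructed sample of a Zone.Identifier stream as written for a downloaded file.
SAMPLE = "[ZoneTransfer]\nZoneId=3\nHostUrl=https://example.test/tool.zip\n"

ZONES = {0: "Local machine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}


def parse_zone_identifier(text):
    """Parse the INI-style stream and return the ZoneId, or None if unusable."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text.lstrip("\ufeff"))
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def read_ads(path):
    """Read <path>:Zone.Identifier (NTFS on Windows); None when no mark exists."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def effective_zone(path, reader=read_ads):
    """Return (resolved target, zone). The mark is read from the file that would
    actually run, so a symlink is followed to its target before the lookup."""
    target = os.path.realpath(path)
    text = reader(target)
    return target, (parse_zone_identifier(text) if text is not None else None)


def needs_warning(path, reader=read_ads):
    """True when the resolved target carries an Internet or Restricted mark."""
    _, zone = effective_zone(path, reader)
    return zone is not None and zone >= 3


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        target, zone = effective_zone(p)
        print(p, "->", target, ZONES.get(zone, "no mark"), needs_warning(p))
```

The `reader` parameter exists so the logic can be exercised on systems without NTFS streams; on Windows the default reads the real stream.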

Ash Hill
Contributing Writer

Ash Hill is a contributing writer for Tom's Hardware with a wealth of experience in hobby electronics, 3D printing and PCs. She manages the Pi projects of the month and much of our daily Raspberry Pi reporting while also finding the best coupons and deals on all tech.

1 Comment from the forums
  • setx
    Windows' Mark of the Web is a stupid idea in the first place. If a user downloaded something and clicked to run it, he would select 'Yes' in that pseudo-security dialog.

    help stop malware from automatically propagating
    That's nonsense: if your browser automatically executes automatically downloaded stuff then your system is already compromised.