There have been signs of a new trend in the criminal scene for some time now. The search for vulnerabilities continues. But especially in widely used non-standard software, as updating becomes more difficult. The most recent example is the compression tool WinRAR. A comment from Trend Micro.
In one on August 02nd In a published statement, the manufacturer RARLAB described two notable vulnerabilities whose exploitation has already been proven and/or is relatively easy to exploit. The vulnerability CVE-2023-38831 describes that malware can be “smuggled” into specially prepared archives, while CVE-2023-40477 allows code to be executed on an affected machine. Both issues can be resolved by updating to the latest version of WinRAR. But the updates also have to be carried out and that is what causes difficulties for many companies.
WinRAR: Small vulnerability – big impact
How big is the danger? That is hard to say. There are apparently already “in the wild” archives for CVE-2023-38831 that confirm exploitation. In their case, the “bad guys” were faster. So far, such attacks have been found almost exclusively in the cryptocurrency world. Security solutions in companies can usually reliably keep such attacks under control using modern detection methods.
Things get more interesting at 2023-40477. It was found by security researchers and is therefore not a “zero day”. At 7.8, the vulnerability has a low CVSS score by Remote Code Execution (RCE) standards and is not classified as critical, but rather “important”. The reason is that user interaction must occur. Only someone with access to a machine can theoretically exploit it.
This is one of those cases where theory and practice depend on many things. Having access is the goal of all actions for cybercriminals - especially in the business sector. All it takes is for a vulnerable system to access prepared websites or open a corresponding file. These standard ransomware attack patterns allow the vulnerability to be exploited and the corresponding code to be executed. It is therefore only a matter of time before it is done.
Simple WinRAR update brings security
Both gaps can be fixed with a simple update to the latest version. But this is also often a challenge for companies. Because it is not standard software. There may be no central update mechanism and it may even happen that administrators are not aware of the existence of the software. If you don't know the background, the relatively low CVSS (Common Vulnerability Scoring System) value is something that ensures low prioritization in the corporate context. These are all reasons why hackers choose such security holes to attack. They are often not known and even if they are, they are considered low risk. According to Richard Werner, business consultant at Trend Micro.
More at Trendmicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.