- Joined
- Apr 25, 2001
- Messages
- 15,775
Microsoft put an accidental hole in Windows Defender when they incorporated some code from unrar into the antivirus engine. This hole will allow remote code execution on the local machine so it's advised to get the update from Microsoft ASAP if you don't have auto-updates turned on. Until you patch don't open any unknown .rar files or you might compromise your system.
The screwup was discovered and reported to Microsoft by legendary security researcher Halvar Flake, now working for Google. Flake was able to trace the vulnerability back to an older version of unrar, an open-source archiving utility used to unpack .rar archives.
The screwup was discovered and reported to Microsoft by legendary security researcher Halvar Flake, now working for Google. Flake was able to trace the vulnerability back to an older version of unrar, an open-source archiving utility used to unpack .rar archives.