True, a lot of them don't pay any attention to such things. That said, it's a full time job keeping your PC updated. Nobody else where I work has a clue.
the patch concerns rar4 recovery volumes. rar5 is now 10 year default setting. the patch landed in winrar(.exe), or grab unrar lib like TC made it. and yes, older versions of winrar(.exe) are vulnerable.
Guys, I don't know if this has been posted before, but this flaw was actually used by hackers. However, wouldn't a firewall (default-deny) easily block such an attack? https://www.bleepingcomputer.com/ne...xploited-since-april-to-hack-trading-accounts
What I'm saying is that I'm actually surprised this flaw has been already actively exploited. But yes, I believe a firewall will block this, since it needs to download malware in the background.
My bad, I somehow assumed it used some type of script to download malware, many attacks work like this. But in this particular case it wouldn't make sense since the user already downloaded the file. But what is clear is that they use all kinds of tricks to probably bypass the AV, strange that they don't mention if Win Defender could block it or not. Which is why I always recommend to install extra protection tools like anti-loggers to complement the AV.
