WinRAR security flaw ignores Windows Mark of the Web security warnings
WinRAR has been a staple in the PC community for decades, offering the ability to compress data into compact files for easier transfer. With that, however, comes the occasional security concern, and today we have an example of just such a situation. Reports have begun to circulate, highlighting an issue in all but the latest edition of WinRAR that enable software to execute without the Windows Mark of the Web (MotW) security warning pop-ups.
If you aren't familiar with the MotW warnings, you might recognize them as the pop-ups that warn you against running strange software from the internet. It typically includes a blurb explaining that it's dangerous to execute applications downloaded from unfamiliar sources, and includes both an option to continue regardless or to cancel the operation entirely. This system can apparently be skipped over entirely in older versions of WinRAR, making for a greater security risk.
The official release notes for version 7.11 confirm that this vulnerability has been nullified and goes on to detail the fixed issue. The notes state, "if symlink pointing at an executable was started from WinRAR shell, the executable Mark of the Web data was ignored." As long as you update to the latest version, this security flaw shouldn't be an issue.
WinRAR confirmed that the security flaw was identified by Shimamine Taihei of Mitsui Bussan Secure Directions, Inc. The concern was reported directly to the WinRAR team who were able to tackle the issue and resolve it by the time version 7.11 was released. In the report, the issue was described, "If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed."
It's important to note that while this security flaw requires users to manually open links to initiate potential attacks, it still increases the security risk by skipping the pop-up Windows warning system entirely. The MotW system is just an extra layer, warning users before they execute suspicious code, to help stop malware from automatically propagating. However, the MotW pop-ups can be a crucial step in mitigating the spread of unwanted software. It's best to update your version of WinRAR to the latest version to avoid any potential mishaps going forward.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Fox News
an hour ago
- Fox News
What happens when Windows 10 support ends in 2025?
Windows 11 has had poor adoption, with many people sticking to the good old Windows 10. Microsoft has been pushing users to upgrade, threatening to end software support and warning about potential cybersecurity risks. But Windows 11 isn't exactly the best OS to come out of Redmond. Even if it were, many people simply can't upgrade because of its steep system requirements. In fact, it took Windows 11 nearly four years after its 2021 debut to finally surpass its predecessor in user numbers. Now that Windows 10 is being phased out, many users, especially those with older PCs that don't meet the hardware requirements, are understandably concerned. Tony from Wisconsin recently asked us the same thing: "I heard that Microsoft will stop providing security patches for Windows 10 after October. My laptop can't be upgraded to Windows 11 because the CPU is too old. Since I'm not tech-savvy and don't feel comfortable replacing the CPU (nor do I want to), I'm wondering if I have a good antivirus program, do I still need to upgrade? Or will my system still be vulnerable to hackers and viruses?" I understand your concern, Tony. Sticking with an unsupported OS brings security risks. Security researchers warn that unsupported systems, such as Windows 10, will become increasingly attractive targets for hackers. Hackers often reverse-engineer patches released for newer systems like Windows 11 to find similar flaws in older ones like Windows 10. With no more fixes coming, those vulnerabilities remain wide open, making unsupported systems a tempting target. However, you are not without options, and you have a defense. Let's walk through what you can do if your PC is still running Windows 10. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my According to Statcounter, Windows 11 has finally overtaken Windows 10 in terms of desktop and laptop usage as of early July. The newer OS now accounts for 52 percent of all Windows installations, up sharply from just under 48 percent in June. In the same period, Windows 10 dropped from 53.2 percent to 44.6 percent. Interestingly, Windows 7 still holds a small but notable presence, with 2.35 percent of users refusing to let it go. This shift comes nearly four years after Microsoft announced Windows 11 in June 2021. From the start, it was criticized for strict hardware rules. It required a TPM 2.0 chip and newer processors. Many functional PCs were left unable to upgrade. The operating system also introduced a revamped user interface that some users found unnecessary or confusing, leading to a slow adoption rate. Windows 10 is reaching the end of its official support on October 14, 2025. That means Microsoft will stop releasing new features and routine security updates for the general public. For most users, this marks the end of the road, unless they take specific steps to keep receiving updates. To extend security updates beyond this deadline, Microsoft is offering a program called Extended Security Updates (ESU). Normally, this would cost $30 per year for personal users. However, Microsoft is making the first year free if you back up your PC using the Windows Backup app and sync your settings to OneDrive, or if you redeem 1,000 Microsoft Rewards points. Microsoft hasn't disclosed pricing beyond the first year, so it's unclear whether the $30/year rate will remain the same in 2026 and 2027. If you don't opt into either of those methods, you'll need to pay the $30 to continue receiving critical patches through October 2026. This is especially relevant for those who can't upgrade to Windows 11 due to hardware limitations. Even after general support ends, Microsoft will keep updating Microsoft Defender Antivirus on Windows 10 until October 2028. So while full system security updates will stop for most, basic malware protection will continue for a few more years. You can continue using Windows 10 until October 14, 2025, with full access to regular security and stability updates. After that, you can extend protection by enrolling in Microsoft's Extended Security Updates program. The first year is free if you use the Windows Backup app to sync your settings to OneDrive, or if you redeem 1,000 Microsoft Rewards points. If your computer meets the hardware requirements for Windows 11, upgrading is the easiest long-term solution. You'll get access to ongoing feature updates, improved security, and long-term support through at least 2031. Google offers a free operating system called ChromeOS Flex, designed for older PCs and laptops. It's based on the same system used in Chromebooks and focuses on speed, simplicity, and security. However, it doesn't support Android apps or some hardware features like fingerprint readers and may not work for tasks like video editing or gaming.. This can be a great option if you mostly use web apps like Gmail, Google Docs, or Zoom. Linux distributions like Ubuntu, Linux Mint, or Zorin OS provide a stable and user-friendly experience, especially for those coming from Windows. You can use them on older hardware without any licensing fees, and they come with access to thousands of free applications. While there may be a bit of a learning curve, many users find Linux reliable and surprisingly easy to adapt to for everyday tasks like browsing, writing, and media playback. If your current system can't handle Windows 11 and you are not interested in alternatives like ChromeOS or Linux, investing in a new computer may be the most straightforward path. New devices come with Windows 11 pre-installed and are built to support it fully. This ensures you'll continue to receive updates, features, and support for several years without additional effort. Check out our top picks for the best desktop computers for 2025 at and also our top picks for best laptops at Learn how to securely get rid of your old PC or Mac by clicking If you decide to stick with Windows 10 beyond its official support period, having strong third-party antivirus protection becomes even more important. While Microsoft Defender will continue receiving updates until 2028, it may not be enough on its own once the system stops getting core security patches. Installing a reputable antivirus program can help protect your device from malware, phishing, and other threats. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Before making any big changes, be sure to back up your important files. You can use cloud services like OneDrive or Google Drive, or plug in an external hard drive. If you mainly use your computer for email, browsing, or video calls, a tablet or Chromebook might be all you need. They're low-maintenance, secure, and often more affordable than a new Windows laptop. Check out our top picks for the best tablets of 2025 at The end of Windows 10 support isn't a crisis, but it does require action. You should start planning your next move now. Consider upgrading to a newer version of Windows. You could also switch to a different operating system. Another option is investing in stronger security tools. And be on alert: as Windows 10's end-of-life nears, scammers will take advantage. Watch out for phone calls, emails, or pop-ups pretending to be from Microsoft offering "urgent upgrade help." Microsoft doesn't call users out of the blue—these are scams trying to steal your personal info or install malware. Whatever you choose, don't delay the decision. Make sure your PC stays protected and up to date. Key Windows 10 Dates to Know: Will you pay for Extended Security Updates or use the free options Microsoft is offering? Let us know by writing us at Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my Copyright 2025 All rights reserved.
CNBC
an hour ago
- CNBC
Microsoft's Satya Nadella says job cuts have been 'weighing heavily' on him
Microsoft has laid off over 15,000 people so far in 2025. The stress of the belt-tightening has gotten to CEO Satya Nadella. "Before anything else, I want to speak to what's been weighing heavily on me, and what I know many of you are thinking about: the recent job eliminations," Nadella wrote in a memo to employees Thursday. After Microsoft's latest labor reductions, investors pushed the stock's closing price above $500 for the first time on July 9. The company announced the layoffs of about 9,000 people a week earlier. Microsoft employed 228,000 people as of June 2024 — it hasn't provided a new figure that takes into account its layoffs this year. "This is the enigma of success in an industry that has no franchise value," he wrote. "Progress isn't linear. It's dynamic, sometimes dissonant, and always demanding. But it's also a new opportunity for us to shape, lead through, and have greater impact than ever before." The cuts at Microsoft are reflective of an overall trend across the tech industry, with over 80,000 positions eliminated to date in 2025, according to one count. Recruit Holdings announced earlier this month that it would lay off 1,300 people from its human resources technology segment that includes the Indeed and Glassdoor websites. The company's CEO pointed to artificial intelligence in a memo, Bloomberg reported. On social media in recent months, some Microsoft employees have become disheartened about the company's cutbacks, given its stature. "I have loved working for this company, still do, but this has done so much damage to that loyalty because it has shown that Microsoft's espoused values do not apply to business decisions at the macro level," a person who lists themselves as a Microsoft directed on LinkedIn posted last week. Microsoft is the world's most valuable public company after Nvidia, whose chips have become a critical piece of the AI arms race. Microsoft's Windows and Office franchises remain dominant, and its Azure cloud services have seen faster growth in recent years as OpenAI and other companies rent out Nvidia graphics cards to run AI models. In the memo, Nadella touched on Microsoft's mission for the past 10 years, which has been to empower every person and every organization on the planet to achieve more, and how the rise of AI is changing it. "We must reimagine our mission for a new era," he wrote. "What does empowerment look like in the era of AI? It's not just about building tools for specific roles or tasks. It's about building tools that empower everyone to create their own tools. That's the shift we are driving — from a software factory to an intelligence engine empowering every person and organization to build whatever they need to achieve." Microsoft reports fiscal fourth-quarter results on Wednesday.
Business Wire
2 hours ago
- Business Wire
Avangrid Achieves Milestone with 80 Power Generation Projects in Operation
ORANGE, Conn.--(BUSINESS WIRE)--Avangrid, Inc., a leading energy company and member of the Iberdrola Group, today announced that it has placed its 80 th U.S. power generation project into operation, marking a major milestone for the company as it provides energy to homes and businesses in 23 states across the country. Over the past six months, Avangrid announced that it achieved commercial operation on three new solar projects in Texas, Ohio, and California, adding nearly 600 megawatts (MW) to the grid, enough energy to power over 100,000 homes. This achievement builds on Avangrid's commitment to helping the nation meet its growing demand for energy while bolstering the U.S. economy. 'For over two decades, Avangrid has been delivering energy to homes and businesses across the nation, and today that portfolio has grown to 80 facilities spanning from coast to coast,' said Jose Antonio Miranda, Avangrid CEO. 'Achieving this milestone comes at a critical time as we work to bring new energy capacity online to meet growing electricity demand from a variety of sources, particularly the construction of new data centers. In just the past six months, Avangrid has achieved commercial operation at three new projects, demonstrating our ability to meet the needs of our customers and bring needed capacity to increasingly strained electric grids. We will continue to collaborate with our partners as we work to secure American energy independence and support jobs and economic growth across the U.S.' In March 2025, Avangrid announced that it achieved commercial operations at its True North Solar project in Falls County, Texas. This 321 MWdc project is supporting Meta's operations, including its upcoming data center in Temple, TX. In June 2025, Avangrid announced commercial operations at Camino Solar, a 57 MWdc project in Kern County, California as well as commercial operations at Powell Creek Solar, a 202 MWdc project in Putnam County, Ohio. Communities across the country realize tangible economic and social benefits thanks to Avangrid's portfolio of projects. These 80 operating projects supported over 12,000 jobs (direct, indirect, and induced) last year. Additionally, the company's power generation business contributed $112 million in taxes to state and local jurisdictions, paid $97 million in lease payments, and delivered $2.1 million in community support in 2024. Avangrid, including its power generation business and regulated utilities in the Northeast, has also grown its support of U.S. companies through its supply chain, investing $4.3 billion with U.S. companies last year. In Oregon and Washington, for example, Avangrid has a large business office, its National Control Center, National Training Center, and approximately 3.0 GW of generating capacity, representing a key region for the company. Avangrid's operations support approximately 500 jobs and paid nearly $30 million in taxes, combined across both states. 'For many years, Avangrid has been a valuable member of Oregon's business community and has played an important role in providing Oregonians with reliable energy,' said Angela Wilhelms, president and CEO of Oregon Business and Industry. 'Avangrid has been a leader in the energy industry in the Northwest for many years, with a talented local workforce, innovative operations, and competitive solutions for power customers around the country,' said Spencer Gray, executive director of the Northwest & Intermountain Power Producers Coalition. 'I congratulate Avangrid on reaching this milestone and continuing its track record of excellence as an independent power generator.' With energy demand expected to surge over the next decade, largely due to the construction of new data centers, Avangrid's ability to bring new energy projects is vital. The company already has approximately 1.5 gigawatts (GW) of capacity that supports data centers with an additional 650 MW under construction or will be under construction soon. Avangrid is actively working on new projects that will help meet expected energy demand growth in the coming years. In March 2025, Avangrid announced its plan to invest $20 billion in U.S. electrical grid infrastructure through the end of the decade. The plan reflects the critical need to invest in energy infrastructure to meet growing demand, as well as the United States' position as a top investment priority for Avangrid and Iberdrola. About Avangrid: Avangrid, Inc. is a leading energy company in the United States working to meet the growing demand for energy for homes and businesses across the nation through service, innovation, and continued investments by expanding grid infrastructure and energy generation projects. Avangrid has offices in Connecticut, New York, Massachusetts, Maine, and Oregon, including operations in 23 states with approximately $48 billion in assets, and has two primary lines of business: networks and power. Through its networks business, Avangrid owns and operates eight electric and natural gas utilities, serving more than 3.4 million customers in New York and New England. Through its power generation business, Avangrid owns and operates 80 energy generation facilities across the United States producing 10.5 GW of power for over 3.1 million customers. Avangrid employs approximately 8,000 people and has been recognized by JUST Capital as one of the JUST 100 companies – a ranking of America's best corporate citizens – in 2025 for the fifth consecutive year. The company was named among the World's Most Ethical Companies in 2025 for the seventh consecutive year by the Ethisphere Institute. Avangrid is a member of the group of companies controlled by Iberdrola, S.A. For more information, visit
