- Qhov tsis zoo hauv WinRAR tso cai rau cov neeg siv hla dhau Windows kev ceeb toom kev nyab xeeb thaum qhib cov ntaub ntawv rub tawm hauv Is Taws Nem.
- Qhov tsis txaus ntseeg, cais raws li CVE-2025-31334, cuam tshuam rau txhua qhov kev pab cuam ua ntej 7.11.
- Nws tso cai rau cov neeg tawm tsam los tua cov cai phem ntawm cov cim txuas (symlinks), hla lub cim ntawm lub vev xaib (MotW) feature.
- Cov kev daws teeb meem tam sim no muaj thiab muaj kev hloov kho mus rau qhov tseeb version ntawm WinRAR los ntawm cov ntaub ntawv raug cai.
Kev tshaj tawm tsis ntev los no tau raug tshaj tawm vulnerability hauv WinRAR, yog ib qho ntawm cov qub thiab nrov tshaj plaws cov ntaub ntawv compression cuab yeej nyob rau hauv lub ntiaj teb no, uas tso cai rau attackers mus evade ib tug ntawm cov tseem ceeb tshaj plaws kev ruaj ntseg mechanisms ntawm lub qhov rais operating system: lub thiaj li hu ua Mark ntawm lub Web (MotW). Qhov kev ruaj ntseg no tsis haum nthuav tawm cov neeg siv kom muaj kev phom sij los ntawm kev tua cov ntaub ntawv tsis zoo yam tsis muaj lus ceeb toom los ntawm lub kaw lus..
Raws li cov kws tshaj lij cybersecurity, Qhov tsis zoo no cuam tshuam rau txhua qhov kev hloov pauv ntawm qhov program ua ntej 7.11 thiab tau raug sau npe raws li txoj cai CVE-2025-31334. Qhov kev tshawb pom yog tsim los ntawm Shimamine Taihei, tus kws tshawb fawb ntawm Japanese cybersecurity firm Mitsui Bussan Secure Directions, uas tau tsa qhov teeb meem los ntawm Nyiv Lub Tsev Haujlwm Saib Xyuas Kev Tshawb Fawb Technology (IPA).
Qhov tsis txaus ntseeg hauv kev nthuav dav: yuav ua li cas hla kev tiv thaiv Windows
Qhov tsis zoo nyob hauv WinRAR kev tuav cov cim txuas, hu ua symlinks., uas yog cov ntaub ntawv uas ua raws li shortcuts rau lwm cov ntaub ntawv los yog directory. Thaum cov ntaub ntawv compressed muaj ib qho ntawm cov symlinks taw rau qhov kev ua tau zoo, thiab qhib los ntawm qhov tsis zoo ntawm WinRAR, Lub kaw lus tsis quav ntsej lub Web Brand cuam tshuam nrog cov ntaub ntawv.
La Web Brand Nws yog qhov kev ruaj ntseg tshwj xeeb rau Windows uas ntxiv ib daim ntawv lo tshwj xeeb rau cov ntaub ntawv rub tawm hauv Is Taws Nem, ceeb toom rau tus neeg siv tias cov ntsiab lus yuav muaj kev phom sij. Nquag, thaum koj qhib cov ntaub ntawv nrog tus chij no, Windows ceeb toom koj txog nws keeb kwm thiab thov kev pom zoo ua ntej tso cai rau nws khiav.
Nrog rau qhov kev txiav txim no, Attackers tuaj yeem tua cov kab mob phem yam tsis muaj kev xav tsis thoob, uas ua rau cov neeg siv kis tau tus kab mob ntau dua, cov ntaub ntawv tub sab, lossis txawm tias ntsiag to installation ntawm cov kev pab cuam txaus ntshai ntawm lawv lub computer. Txhua yam tshwm sim yam tsis muaj lub operating system tso tawm qhov ceeb toom qhov rais.
Nws yog qhov tseem ceeb kom nco tau tias Rau symlinks kom ua tau zoo, lawv yuav tsum tau tsim nrog cov cai tswj hwm ntawm lub operating system., yog li tus neeg tawm tsam yuav tau ua tiav qee theem ntawm kev nkag lossis kev dag ntxias rau tus neeg raug tsim txom.
Kev cuam tshuam ntawm qhov tsis zoo thiab nws qhov hnyav
La vulnerability tau muab cais nrog tus qhab nia ntawmthiab 6,8 tawm ntawm 10 ntawm CVSS nplai (Common Vulnerability Scoring System), uas muab nws tso rau ntawm qhov nruab nrab qhov hnyav. Txawm li cas los xij, cov kws tshaj lij pom zoo tias nws lub peev xwm los siv hauv kev tshaj tawm malware ua rau nws txaus ntshai tshwj xeeb yog tias ntsuas tsis tau raws sijhawm.
Cov txheej txheem no twb tau siv yav dhau los los ntawm cybercriminal pawg, raws li tau tshwm sim nyob rau hauv rooj plaub tsis ntev los no uas Qhov zoo sib xws hauv qhov kev pab cuam 7-Zip siv los faib Smokeloader, ib tug paub zoo malware loader. Nyob rau hauv tas li ntawd, cov neeg tawm tsam siv ob txoj kev compression los hla MotW ceeb toom thiab ua tiav cov cai yam tsis muaj kev ceeb toom rau tus neeg siv. Yog xav paub ntxiv txog lwm cov kev pabcuam compression, koj tuaj yeem mus saib qhov txuas no hais txog cov kev pabcuam compression.
Qhov xwm txheej tam sim no ntawm WinRAR tsis txawv heev, txij li Nws kuj yog ib qho cuab yeej siv dav thiab siv nyob rau hauv ob qho tib si hauv tsev thiab kev lag luam ib puag ncig. Qhov no nce qhov kev pheej hmoo tias qhov tsis zoo yuav raug siv dav ua ntej cov neeg siv hloov kho lawv cov tshuab.
Yuav Tiv Thaiv Koj Tus Kheej Li Cas: Hloov Kho Qhov Tseem Ceeb
Txoj kev daws teeb meem no twb tau luam tawm lawm los ntawm developers ntawm WinRAR los ntawm lub version 7.11 ntawm qhov program. Qhov kev hloov tshiab no kho tus cwj pwm ntawm symlinks kom ntseeg tau tias cov ntaub ntawv ua tiav tau chij los ntawm MotW txuas ntxiv tso saib cov lus ceeb toom tsim nyog thaum qhib.
upgrade rau Version 7.11 yog tib txoj hauv kev los tiv thaiv lub kaw lus tiv thaiv qhov tsis zoo no.. Cov kws tshaj lij pom zoo ua qhov hloov tshiab sai li sai tau thiab nyiam dua los ntawm WinRAR official lub website, yog li zam kev hloov pauv lossis cov qauv faib los ntawm peb tog uas tuaj yeem muaj cov software phem.
Ntxiv thiab, Nws yog ib advisable mus tsis tu ncua xyuas seb version ntawm lub software yog ntsia, tshwj xeeb tshaj yog nyob rau hauv ib puag ncig uas cov ntaub ntawv rhiab heev raug tuav lossis ntau cov ntaub ntawv tau txais hauv Is Taws Nem. Khaws cov ntawv thov mus rau hnub tim Nws yog ib qho kev coj ua zoo tshaj plaws los tiv thaiv teeb meem kev nyab xeeb.
WinRAR cov neeg tsim khoom tau tshaj tawm tias qhov kev txhim kho no suav nrog hauv 7.11 tso tawm cov ntawv, nrog rau lwm qhov kev hloov pauv me me thiab kev txhim kho, yog li tsis muaj laj thawj tsis ua rau kev teeb tsa sai li sai tau.
Cov lus qhia thiab dav dav kev ruaj ntseg ntsiab lus
Qhov teeb meem no ib zaug ntxiv highlights Qhov tseem ceeb ntawm cybersecurity hauv cov cuab yeej niaj hnub. Zoo li tsis muaj kev phom sij, xws li cov cuab yeej compression cov ntaub ntawv, tuaj yeem nkaum qhov txaus ntshai yog tias pom muaj qhov tsis zoo thiab raug siv ua ntej thaj ua rau muaj lossis siv.
Cov ntaub ntawv ntawm WinRAR tsis cais, raws li tau pom los ntawm qhov tshwm sim nrog rau lwm yam khoom siv zoo sib xws. Kev rov ua dua ntawm cov txheej txheem raws li kev hla dhau Mark ntawm Lub Vev Xaib (MotW) qhia tias cov neeg tawm tsam paub zoo txog nws qhov tsis muaj zog thiab tab tom nrhiav txoj hauv kev tshiab los siv lawv. Yog tias koj xav kawm ntxiv txog yuav ua li cas rau encrypt cov ntaub ntawv, koj tuaj yeem tshawb xyuas cov kab lus tshwj xeeb no.
Tshaj qhov yuam kev nws tus kheej, Qhov kev txhawj xeeb yog qhov yooj yim uas cov neeg siv tuaj yeem poob raug tsim txom. yooj yim los ntawm kev qhib cov ntaub ntawv seemingly harmless compressed. Qhov no tseem ceeb tsis tau tsuas yog kev ua haujlwm ntawm thaj chaw tab sis kuj yog qhov tseem ceeb ntawm kev paub ntawm cov neeg siv kawg.
Cov lag luam thiab cov neeg siv ib tus neeg yuav tsum tau siv txoj hauv kev tiv thaiv, ua tiav Kev hloov tshiab tsis tu ncua thiab zam kev rub tawm software lossis cov ntaub ntawv los ntawm qhov chaw tsis ntseeg siab. Siv cov cuab yeej tshuaj xyuas tus cwj pwm thiab cov software tshiab antivirus tuaj yeem pab txo qhov kev pheej hmoo.
Kuv yog ib tus neeg nyiam siv thev naus laus zis uas tau hloov nws txoj kev nyiam "geek" rau hauv txoj haujlwm. Kuv tau siv ntau tshaj 10 xyoo ntawm kuv lub neej siv cov cuab yeej siv thev naus laus zis thiab tinkering nrog txhua yam kev pab cuam tawm ntawm kev xav paub dawb huv. Tam sim no kuv tau tshwj xeeb hauv computer technology thiab video games. Qhov no yog vim ntau tshaj 5 xyoo kuv tau sau rau ntau lub vev xaib ntawm kev siv tshuab thiab kev ua si video, tsim cov ntawv uas nrhiav kom muab cov ntaub ntawv koj xav tau hauv hom lus uas txhua tus neeg nkag siab.
Yog tias koj muaj lus nug, kuv qhov kev paub yog los ntawm txhua yam ntsig txog Windows operating system nrog rau Android rau cov xov tooj ntawm tes. Thiab kuv txoj kev cog lus yog rau koj, Kuv ib txwm kam siv ob peb feeb thiab pab koj daws cov lus nug uas koj muaj nyob hauv lub ntiaj teb no hauv internet.