I-SHOU UNIVERSITYOffice of Library & Information Services

The National Institute of Cyber Security (NICS) has recently identified a critical security vulnerability in WinRAR (CVE-2025-8088).

Remote attackers can exploit this vulnerability by distributing malicious archive files via phishing emails. These attacks are triggered through "seemingly normal .rar files" and can lead to:

• 💻 Malware implantation
• 📂 Data theft
• 🔄 Malicious programs setting themselves to auto-run on startup

🚨 Risk Alert: School-licensed versions of WinRAR older than version 7.13 are at the highest risk. Please update immediately or switch to a secure alternative.

🛠️ How to Update WinRAR (Choose one method)

Method 1: For General Users (Download via Official Website)

1. Open your web browser and visit the official WinRAR website: https://www.rarlab.com/download.htm
2. Download the version appropriate for your system (WinRAR x64 (64 bit) is the most common for Windows).
3. Follow the on-screen installation steps to complete the update.

Method 2: For Advanced Users (Via Command Line / CMD) Windows users can update using the system's built-in "Package Manager":

1. Type CMD in the Windows search bar. Locate Command Prompt, right-click it, and select "Run as administrator".
2. In the black window that appears, type the following command and press Enter: winget upgrade --name WinRAR RARLab.WinRAR
3. The system will automatically download and install the latest version of WinRAR.

🔒 Recommended Secure Alternatives

If you prefer not to update WinRAR, we recommend switching to these secure tools:

• ✅ Windows 11 Built-in Tool: Use the native extraction feature in Windows 11.
• ✅ 7-Zip: A free and secure open-source alternative. (Download Link)

⚠️ Important Security Reminders

• ❌ Do not install cracked versions or software from unknown sources.
• ⚠️ Remain highly vigilant regarding .rar attachments from unknown senders.

Thank you for your cooperation in maintaining our cybersecurity.