Critical WinRAR Vulnerability Evades Windows Security Protections

A newly discovered security vulnerability affecting WinRAR has been found to bypass Microsoft Windows' Mark of the Web (MotW) security feature, potentially exposing users to increased security risks.

The flaw, tracked as CVE-2025-24061 with a CVSS severity score of 7.8, was recently reported to Microsoft by a security researcher using the handle "SkorikARI." Microsoft addressed this vulnerability in its latest Patch Tuesday security updates.

The Mark of the Web is a Windows security feature that adds a special tag to files downloaded from the internet, triggering security warnings before users open potentially dangerous files. By exploiting this vulnerability, attackers could circumvent these security alerts.
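To check from the defender's side whether files unpacked from a downloaded archive still carry the tag, the following added example (not from the original article) parses the tag and lists extracted files that did not inherit it. It assumes NTFS, where the tag is stored in a `Zone.Identifier` alternate data stream and `ZoneId=3` means the Internet zone; the sample stream, URL and function names are constructed for illustration.

```python
import configparser
import os

# Constructed sample of a Zone.Identifier stream (ZoneId 3 = Internet zone).
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\nZoneId=3\r\n"
    "HostUrl=https://downloads.example.test/tools/archive.zip\r\n"
)

def parse_zone_identifier(text):
    """Return the ZoneId from Zone.Identifier stream text, or None if absent/invalid."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text.lstrip("\ufeff"))
        return int(cp.get("ZoneTransfer", "ZoneId"))
    except (configparser.Error, ValueError):
        return None

def read_motw(path):
    """Read a file's MotW zone from its NTFS alternate data stream (Windows only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None  # no stream: the file carries no Mark of the Web

def files_missing_motw(archive_path, extracted_dir, reader=read_motw):
    """List extracted files whose zone is absent or lower than the archive's zone."""
    archive_zone = reader(archive_path)
    if archive_zone is None or archive_zone < 3:
        return []  # archive is not marked Internet/Restricted; nothing to inherit
    unmarked = []
    for root, _dirs, names in os.walk(extracted_dir):
        for name in names:
            path = os.path.join(root, name)
            zone = reader(path)
            if zone is None or zone < archive_zone:
                unmarked.append(path)
    return sorted(unmarked)

if __name__ == "__main__":
    import sys
    print("sample ZoneId:", parse_zone_identifier(SAMPLE_STREAM))
    if len(sys.argv) == 3:  # usage: script.py <archive> <extracted_dir>
        for p in files_missing_motw(sys.argv[1], sys.argv[2]):
            print("no MotW inherited:", p)
```

Any path it reports after extracting an Internet-zone archive is a file that Windows will open without the download warning.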

The discovery came as part of a broader investigation into malware distribution campaigns using fake WinRAR websites. These campaigns were observed deploying various types of malicious software through GitHub repositories.

Security experts advise users to:

  • Keep their Windows systems updated with the latest security patches
  • Download software only from official sources
  • Pay attention to security warnings when opening downloaded files
  • Use up-to-date antivirus software

The WinRAR vulnerability highlights ongoing challenges in maintaining security for widely used compression tools, which process files from potentially untrusted sources.

Microsoft's quick response in patching this security flaw demonstrates the company's commitment to addressing potential threats to user security. Users are encouraged to apply the latest Windows updates to protect against this vulnerability.