eBook: Top 10 Tips for Delivering a Great Digital Experience for Remote Workers Read the eBook
Perform an update of WinRAR to the version 5.70 English to patch the vulnerability (CVE-2018-20250) discovered with ACE packages handling.
220.127.116.11 - 09 Aug 2019 - Initial release
18.104.22.168 - 09 Aug 2019 - Campaigns now can be called independently
22.214.171.124 - Initial release
In WinRAR versions prior to and including 5.61, a vulnerability when managing ACE files has been discovered. When the filename is manipulated with some patterns, the destination folder is ignored and malicious files could be extracted anywhere without any notice.In order to run a silent execution, campaign can be skipped by providing an empty GUID as input CampaignId. In such case, WinRAR will be closed and updated automatically.
Execution context and suggested scheduling
Run the script as 'local system'. The script should be executed every 4 weeks.
A timeout of 720 seconds is recommended.
UID of the campaign to notify user that WinRAR must be closed. Provide an empty GUID to avoid executing this campaign
Operation Completed Campaign Id
UID of the campaign to notify the user about the finish of the WinRAR update process. Provide an empty GUID to avoid executing this campaign
Maximum Delay In Seconds
Maximum random delay set to avoid overloading server hosting virtual machines. Provide number of seconds less than 600
WinRAR version retrieved after performing the update process
The script downloads and installs English version of WinRAR, any other language will be replaced.
In case of the device does not have WinRAR installed, the update process is skipped.
The script is executed as localSystem user and it needs access to Internet to perform the update process.