Government warns Windows users of critical file compressor tool flaw

CERT-In flags high-risk vulnerabilities enabling remote code execution; urges immediate updates and caution against suspicious archives.

By Storyboard18 | Aug 13, 2025 2:35 PM

India’s cybersecurity agency has issued a high-severity security alert for Windows users over critical flaws in a widely used file compression tool, warning that the vulnerabilities could open the door to remote cyberattacks.

According to the Indian Computer Emergency Response Team (CERT-In), millions of PCs and laptops may be at risk if the tool is outdated or compromised. The vulnerabilities, which fall under the categories of remote code execution and arbitrary file write, could allow attackers to execute malicious code, install malware, or gain unauthorized system access without the user’s knowledge.

"A directory traversal vulnerability has been reported in WinRAR which could allow a remote attacker to achieve persistence, gain unauthorized access, and perform further malicious activities on the affected system," the advisory read.

The threat stems from specially crafted archive files — such as .zip, .rar, or .7z formats — that exploit weaknesses in the tool’s parsing or extraction routines. Simply opening or extracting such an archive could trigger the exploit, making even routine file operations potentially dangerous.

Given the software’s widespread use across workplaces, educational institutions, and personal devices, the impact of these vulnerabilities could be significant. The government has warned that malicious archives may be distributed via email attachments, messaging apps, or free download sites, increasing the risk of widespread exploitation.

Users have been advised to update the compression tool immediately from official sources only, avoid downloading from third-party mirrors or fake websites, and never open compressed files from unknown senders.

CERT-In also flagged tell-tale signs of potential threats, such as unexpected requests for elevated privileges during extraction or archives launching scripts or installers without clear reason.
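
One defensive check against the traversal-style archives described above, added here as an example that is not part of the CERT-In advisory or the original article: Python that inspects a .zip's entry names before extraction and rejects the archive if any entry uses an absolute path or a `..` component. The function names and sample archives are constructed for illustration, and the check covers .zip only, since Python's standard library does not read .rar or .7z.

```python
import io
import re
import zipfile
from pathlib import Path

def build_sample_archive(names):
    """Constructed test input: an in-memory .zip holding the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"sample")
    return buf.getvalue()

def unsafe_entries(archive_bytes):
    """Map each entry that could be written outside the target folder to a reason."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            # Windows accepts both separators, so compare on a normalised name.
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or re.match(r"[A-Za-z]:", name):
                findings[name] = "absolute path"
            elif ".." in name.split("/"):  # whole component, not a substring
                findings[name] = "parent-directory traversal"
    return findings

def extract_if_clean(archive_bytes, dest):
    """Extract only when nothing is flagged; otherwise reject the whole archive."""
    findings = unsafe_entries(archive_bytes)
    if findings:
        raise ValueError(f"refusing to extract: {findings}")
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        zf.extractall(dest)
    return sorted(p.relative_to(dest).as_posix()
                  for p in Path(dest).rglob("*") if p.is_file())

# Constructed samples (hypothetical names, harmless contents).
CLEAN = build_sample_archive(["docs/readme.txt", "notes..txt"])
CRAFTED = build_sample_archive(
    ["docs/readme.txt", "../../outside.txt", "..\\..\\outside2.txt", "C:/temp/abs.txt"])

if __name__ == "__main__":
    print(unsafe_entries(CLEAN))
    print(unsafe_entries(CRAFTED))
```

The file name `notes..txt` is deliberately left unflagged: only a whole `..` path component counts, which avoids false positives from a plain substring match.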

First Published on Aug 13, 2025 2:48 PM
