Find All Vulnerable WinRAR Installations on Your Network
WinRAR, the never-ending trial software, is still one of the most popular archiving and compression tools. However, there have been multiple vulnerabilities in older versions, starting with a very old vulnerability that allows attackers to extract malicious software to any location. Additionally, outdated components in older versions can be abused to redirect users to malicious websites.
The audit below is color-coded to provide an overview of all WinRAR installations while also indicating whether each one should be updated to prevent security issues. Find all computers in your network that have a WinRAR installation, and identify which of them need an update to be secure against any abuse of this vulnerability.
WinRAR Vulnerability Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblSoftware.softwareVersion As Version,
tblSoftwareUni.SoftwarePublisher As Publisher,
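-- Patch status: 6.x below 6.02, or major version 5 and lower, is out of date.
-- ParseName counts dot-separated parts from the right, so this test expects
-- a three-part version string.
Case
When tblSoftware.softwareVersion Like '6%' And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) < 02 Then
'Out of date'
When Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) <= 5 Then
'Out of date'
Else 'Up to date'
End As [Patch Status],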
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
-- Show the most recent scanning error only when an error text is present.
Case
When tblErrors.ErrorText Is Not Null And
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblSoftware.Lastchanged,
-- Row colour: same test as Patch Status, red for out of date, green otherwise.
Case
When tblSoftware.softwareVersion Like '6%' And
Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) < 02 Then
'#ffadad'
When Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) <= 5 Then
'#ffadad'
Else '#d4f4be'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%Winrar%' And
tblSoftwareUni.SoftwarePublisher Like '%win.rar%' And tblState.Statename =
'Active'
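The Patch Status test in the query above reads version parts with ParseName, which counts from the right. The following added example (not part of the original report) runs that expression next to a stricter variant over constructed version strings, so the two can be compared on strings that are not in three-part form. It assumes SQL Server 2012 or later for Try_Cast; the names Samples, Major, Minor and the 'Check manually' label are illustrative, and the 6.02 threshold is the one used in the query above.

```sql
-- Constructed sample version strings; not taken from a Lansweeper database.
With Samples(Version) As (
  Select v
  From (Values ('5.91.0'), ('6.01.0'), ('6.02.0'),
               ('5.50'), ('5.91.0.0'), ('unknown')) As t(v)
)
Select s.Version,
  -- The report's expression, unchanged. ParseName counts parts from the right,
  -- so part 3 is the major version only when there are exactly three parts.
  Case
    When s.Version Like '6%' And
      Cast(ParseName(s.Version, 2) As bigint) < 02 Then 'Out of date'
    When Cast(ParseName(s.Version, 3) As bigint) <= 5 Then 'Out of date'
    Else 'Up to date'
  End As [Page Status],
  n.Major,
  n.Minor,
  -- Same 6.02 threshold, but read from the left, with a separate result for
  -- strings that cannot be parsed instead of falling through to 'Up to date'.
  Case
    When n.Major Is Null Or n.Minor Is Null Then 'Check manually'
    When n.Major < 6 Or (n.Major = 6 And n.Minor < 2) Then 'Out of date'
    Else 'Up to date'
  End As [Strict Status]
From Samples s
-- Position of the first dot (a dot is appended so a dot-less string still works).
Cross Apply (Select CharIndex('.', s.Version + '.') As Dot1) d
-- Text before the first dot, and everything after it.
Cross Apply (Select Left(s.Version, d.Dot1 - 1) As MajorText,
                    Substring(s.Version, d.Dot1 + 1, 100) As Rest) a
-- Leading digits of the remainder are the minor version.
Cross Apply (Select Left(a.Rest,
                    PatIndex('%[^0-9]%', a.Rest + 'x') - 1) As MinorText) b
-- Try_Cast returns NULL instead of raising an error on non-numeric text.
Cross Apply (Select Try_Cast(a.MajorText As int) As Major,
                    Try_Cast(b.MinorText As int) As Minor) n
Order By s.Version;
```

Rows where the two status columns disagree are the version formats to review by hand before trusting the colour coding.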