Your Stolen WinRAR Copy Is Being Actively Exploited In The Wild, Patch ASAP
CVE-2025-6218 (WinRAR Directory Traversal Remote Code Execution Vulnerability) applies to all Windows WinRAR users who haven't updated the application to version 7.12 or higher. Linux, Android, and Unix users are not impacted. Vulnerable users, especially business users, are being targeted with malicious web pages and phishing emails. If you haven't already, make sure your copy of WinRAR is up to date, since the vulnerability allows for remote code execution that could compromise your entire system. This isn't the only WinRAR attack we've seen this year, though the delivery methods, email and phishing pages, are familiar.
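
One way to check a Windows machine against the 7.12 threshold mentioned above. This is an added example, not code from the article or from WinRAR's developers. It assumes WinRAR registered itself under the standard Windows "Uninstall" registry keys with a display name beginning with "WinRAR"; the function and variable names are illustrative.

```powershell
# Added example: flag WinRAR installs older than the fixed version named in the article (7.12).
# Assumption: the install is registered under the standard "Uninstall" registry keys.
$FixedVersion = [version]'7.12'

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-VersionOrNull {
    param([string]$Text)
    # Accept only a clean dotted number such as "7.11.0"; anything else
    # (empty value, pre-release suffix) is returned as $null for manual review.
    if ($Text -match '^\s*(\d+(\.\d+){1,3})\s*$') { return [version]$Matches[1] }
    return $null
}

# Collect every uninstall entry whose display name starts with "WinRAR".
$found = Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.PSObject.Properties['DisplayName'] -and $_.DisplayName -like 'WinRAR*' }

$report = foreach ($entry in $found) {
    $ver = ConvertTo-VersionOrNull $entry.DisplayVersion
    $status = if ($null -eq $ver) {
        'UNKNOWN (check manually)'
    } elseif ($ver -lt $FixedVersion) {
        'VULNERABLE (update to 7.12 or higher)'
    } else {
        'OK'
    }
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Name            = $entry.DisplayName
        Version         = $entry.DisplayVersion
        InstallLocation = $entry.InstallLocation
        Status          = $status
    }
}

if ($report) { $report | Format-Table -AutoSize }
else { Write-Output 'No WinRAR entry found in the Uninstall registry keys.' }
```

Copies that were unpacked by hand rather than installed leave no registry entry, so a "no entry found" result does not prove the machine is free of an old WinRAR executable.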

CVE-2025-62221 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability) is a vulnerability in the Windows Cloud Files Mini Filter Driver. A "use after free" exploit allows attackers to elevate privileges locally by reusing or referencing memory that should have already been freed. The specific methods through which this vulnerability could be used are not documented, but the common culprits of malicious web pages and emails are viable for an attack like this. This default system driver is typically used by OneDrive, Google Cloud, and other cloud providers.
The CVE page highlights Windows 10 Version 21H2 as particularly vulnerable, but also lists Windows 10 Version 22H2, Windows Server 2025, and Windows 11 as "unknown". Per Hacker News' coverage, Microsoft does seem to have already patched this particular CVE. Windows 10 users hoping to avoid these problems will likely be forced to upgrade to Windows 11 or, at least, opt for Extended Security Updates since the OS no longer receives automatic patches.