WinRAR labs encourages updates for exploit protection, which must be done manually by the user:

WinRAR contains a flaw that would let a .RAR file you download automatically extract an .exe file to your Startup folder. That .exe file would automatically be started the next time you sign into your PC, and it could infect your PC with malware.

Specifically, this flaw is a result of WinRAR’s ACE file support. An attacker simply needs to create a specially crafted ACE archive and give it the .RAR file extension. When you extract the file with a vulnerable version of WinRAR, it can automatically place malware in your Startup folder without any additional user action.

This serious flaw was found by researchers at Check Point Software Technologies. WinRAR contained an ancient DLL from 2006 to enable support for ACE archives, and that file has now been removed from the latest versions of WinRAR, which no longer support ACE archives. Don’t worry—ACE archives are very rare.

WinRAR doesn’t automatically update itself. We’re also extremely disappointed that WinRAR’s website doesn’t highlight information about this security flaw and instead buries it in WinRAR’s release notes.   WinRAR reportedly has 500 million users worldwide, and we’re certain most of those users haven’t yet heard of this bug and updated WinRAR.