Microsoft “mitigates” Windows LNK flaw exploited as zero-day

By Sergiu Gatlan
Publication Date: 2025-12-03 16:45:00

Microsoft has silently “mitigated” a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks.

Tracked as CVE-2025-9491, this security flaw allows attackers to hide malicious commands within Windows LNK files, which can be used to deploy malware and gain persistence on compromised devices. However, the attacks require user interaction to succeed, as they involve tricking potential victims into opening malicious Windows Shell Link (.lnk) files.

Threat actors distribute these files in ZIP or other archives because email platforms commonly block .lnk attachments due to their risky nature.

The vulnerability lies in how Windows handles .LNK files, allowing threat actors to exploit the way the operating system displays them to evade detection and execute code on vulnerable devices without the user’s knowledge by padding the Target field in Windows .LNK files with whitespaces to hide malicious command-line…
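For defenders who want to triage .lnk attachments pulled out of archives, the padding trick described above is visible in the file's bytes even when the Properties dialog hides it. The following is an added example, not code from the article or from Microsoft: a minimal parser for the Shell Link binary format (header, optional LinkTargetIDList and LinkInfo, then the StringData entries in their fixed order) plus a scanner that flags a COMMAND_LINE_ARGUMENTS string front-loaded with whitespace or containing tab and line-break characters. The `build_lnk` helper only fabricates test files so the scanner can run offline; the 16-character threshold and the sample command strings are constructed placeholders, not values taken from real samples.

```python
import struct

# Shell link CLSID 00021401-0000-0000-C000-000000000046 as stored on disk (little-endian)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK ShellLinkHeader)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData entries appear in this fixed order, each only when its flag is set
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
PAD_CHARS = " \t\r\n\x0b\x0c"
MAX_LEADING_PAD = 16  # hypothetical threshold; tune for your environment


def _string_data(text, unicode):
    """Encode one StringData entry: CountCharacters (u16) followed by the characters, no terminator."""
    payload = text.encode("utf-16-le") if unicode else text.encode("cp1252")
    return struct.pack("<H", len(text)) + payload


def build_lnk(arguments, relative_path=None, unicode=True):
    """Build a minimal .lnk (header + StringData only). Constructed test data, not a real sample."""
    flags = HAS_ARGUMENTS | (IS_UNICODE if unicode else 0)
    if relative_path is not None:
        flags |= HAS_RELATIVE_PATH
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        0x4C, LNK_CLSID, flags,
        0,            # FileAttributes
        0, 0, 0,      # CreationTime, AccessTime, WriteTime
        0,            # FileSize
        0,            # IconIndex
        1,            # ShowCommand = SW_SHOWNORMAL
        0, 0, 0, 0,   # HotKey, Reserved1, Reserved2, Reserved3
    )
    body = b""
    if relative_path is not None:
        body += _string_data(relative_path, unicode)
    body += _string_data(arguments, unicode)
    return header + body


def parse_lnk(blob):
    """Validate the header, skip IDList/LinkInfo, and return (flags, dict of StringData entries)."""
    if len(blob) < 0x4C or blob[:4] != b"\x4c\x00\x00\x00" or blob[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", blob, 20)[0]
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (u16) then the item ID list
        off += 2 + struct.unpack_from("<H", blob, off)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize (u32) covers the whole structure
        off += struct.unpack_from("<I", blob, off)[0]
    width = 2 if flags & IS_UNICODE else 1
    strings = {}
    for flag, key in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", blob, off)[0]
        off += 2
        raw = blob[off:off + count * width]
        if len(raw) != count * width:
            raise ValueError(f"truncated StringData for {key}")
        strings[key] = raw.decode("utf-16-le" if width == 2 else "cp1252")
        off += count * width
    return flags, strings


def scan_lnk(blob, max_leading_pad=MAX_LEADING_PAD):
    """Flag argument strings padded so the Properties dialog would hide the real command line."""
    _, strings = parse_lnk(blob)
    args = strings.get("arguments", "")
    leading = len(args) - len(args.lstrip(PAD_CHARS))
    control = sum(args.count(c) for c in "\t\r\n\x0b\x0c")
    reasons = []
    if leading > max_leading_pad:
        reasons.append(f"{leading} leading whitespace chars in arguments")
    if control:
        reasons.append(f"{control} tab/line-break chars in arguments")
    return {"suspicious": bool(reasons), "reasons": reasons,
            "leading_pad": leading, "hidden_command": args.strip(PAD_CHARS)}


if __name__ == "__main__":
    # Constructed samples: an ordinary shortcut and one with 300 spaces in front of the arguments
    target = r"..\Windows\System32\cmd.exe"
    for label, args in (("benign", "/k echo hello"),
                        ("padded", " " * 300 + "/c echo HIDDEN-PLACEHOLDER")):
        print(label, scan_lnk(build_lnk(args, relative_path=target)))
```

Run it over extracted attachments by replacing the constructed samples with `open(path, "rb").read()`; the `hidden_command` value gives the analyst the command the dialog would have concealed, and the same parser is a starting point for checking the other StringData fields if you want to alert on them too.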