Windows has an 8-year-old security issue that is exploited and known by Microsoft for some time

Martin Brinkmann
Mar 19, 2025
Updated • Mar 19, 2025
Security, Windows 11 News

Microsoft is doing a commendable job when it comes to Windows security. Keeping billions of devices secure is no small feat. Sometimes, however, it appears that someone at Microsoft is pushing the brakes regarding specific vulnerabilities.

Take the following attack method as an example. It is a vulnerability in .lnk shortcuts that is exploited to trigger malware downloads. It was discovered by Trend Micro in 2024 and reported to Microsoft in September 2024.

Security engineers at Trend Micro say that the issue has been exploited since at least 2017 and that they have found almost 1,000 of these links in the wild already.

According to Trend Micro, these links contain megabytes of whitespace characters to fool antivirus and other security solutions. Attacks come from four countries only -- North Korea, China, Russia, and Iran -- according to the researchers. Trend Micro revealed that the vast majority of attacks come from state-sponsored attack crews and fall in the information theft and espionage category. Governments were targeted the most, followed by the private and financial sector, think tanks, and telecommunications.

The attackers download and install different malware payloads on successfully exploited systems. Among them are notorious payloads and loaders such as Lumma Stealer or GuLoader.

Microsoft has not acted on the provided information. Trend Micro says that it decided to go public with the information because of Microsoft's inactivity. The threat "poses a significant risk to the confidentiality, integrity, and availability of data maintained by governments, critical infrastructure, and private organizations globally" according to the researchers.

Microsoft classified the issue as low severity according to Trend Micro, indicating that the issue may not be patched in the "immediate future".

In a comment to The Register, a Microsoft spokesperson encouraged customers to "exercise caution when downloading files from unknown sources".

Shortcut files can be analyzed on local Windows systems. The problem with the disclosed vulnerability is that the link files are specially crafted. According to Trend Micro, this means that the user won't see the exploit when analyzing the shortcut.

Some security solutions may recognize these malicious shortcuts already, others may do so in the near future.
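
A check a defender could run over collected shortcuts, added here as an example and not taken from Trend Micro or Microsoft: it walks the shell link layout from Microsoft's MS-SHLLINK specification, reads the command-line arguments string, and flags long runs of whitespace. That the padding sits in the arguments string, the 200-character threshold, and the names `lnk_arguments`, `check_lnk` and `sample_lnk` are assumptions of this example.

```python
import struct

LINK_CLSID = bytes.fromhex("0114020000000000C000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, IS_UNICODE = 0x10, 0x20, 0x80
PAD_CHARS = " \t\n\x0b\x0c\r"  # whitespace treated as padding
PAD_THRESHOLD = 200            # assumed cut-off, tune against your own shortcuts


def lnk_arguments(data: bytes) -> str:
    """Return the COMMAND_LINE_ARGUMENTS string of a shell link, "" if absent."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link header")
    flags = struct.unpack_from("<I", data, 20)[0]
    width = 2 if flags & IS_UNICODE else 1
    pos = 76
    try:
        if flags & HAS_ID_LIST:    # 2-byte size, then the ID list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:  # 4-byte size that counts itself
            pos += struct.unpack_from("<I", data, pos)[0]
        # StringData order: name, relative path, working dir, arguments
        for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS):
            if flags & bit:
                count = struct.unpack_from("<H", data, pos)[0]
                raw = data[pos + 2 : pos + 2 + count * width]
                pos += 2 + count * width
                if bit == HAS_ARGUMENTS:
                    return raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    except struct.error:
        raise ValueError("truncated shell link") from None
    return ""


def check_lnk(data: bytes) -> dict:
    """Report the longest whitespace run in the arguments and the text around it."""
    args, best, run = lnk_arguments(data), 0, 0
    for ch in args:
        run = run + 1 if ch in PAD_CHARS else 0
        best = max(best, run)
    return {"pad_run": best, "padded": best >= PAD_THRESHOLD,
            "text": " ".join(args.split())}


def sample_lnk(arguments: str, flags: int = HAS_ARGUMENTS | IS_UNICODE) -> bytes:
    """Constructed test input: bare header plus arguments, no target, not a usable shortcut."""
    header = struct.pack("<I16sI", 0x4C, LINK_CLSID, flags).ljust(76, b"\0")
    return header + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
```

On real files, pass the bytes read from each `.lnk` to `check_lnk` and review every result where `padded` is true; the `text` field shows the arguments with the whitespace collapsed.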

Now You: what is your take on this? Should Microsoft develop a fix and release it? Feel free to leave a comment down below.


Comments

  1. Tsami said on March 19, 2025 at 6:48 pm

    For subscribers, perhaps 0Patch will have neutralized the issue.

  2. TelV said on March 19, 2025 at 3:04 pm

    If it’s Russian, steer it towards the US. Trump has apparently ordered their security apparatus to ignore Russian threats as being no longer credible: https://www.theguardian.com/us-news/2025/feb/28/trump-russia-hacking-cyber-security

    But maybe Trump is a Russian agent and is just following Putin’s orders: https://www.politico.eu/article/donald-trump-russia-the-hidden-history-of-trumps-first-trip-to-moscow/

  3. justAI said on March 19, 2025 at 2:43 pm

    “Now You: what is your take on this? Should Microsoft develop a fix and release it? Feel free to leave a comment down below.”

    Really?

  4. JohnIL said on March 19, 2025 at 2:25 pm

    Windows is just a legacy mess and it seems Microsoft treats it as a legacy product. Something they still need but are mostly concerned about pushing their AI and cloud services through. A necessary evil so to speak. Every month we see a laundry list of fixes and patches for security risks. Windows is like a rickety old dam that develops cracks and leaks monthly.

    1. Darium23 said on March 19, 2025 at 3:42 pm

      You’re right. Full of holes to exploit, the Windows operating system is a security risk in itself.

  5. Tachy said on March 19, 2025 at 2:15 pm

    I’ve often heard “I didn’t download anything!”.

    People don’t realize that everything they see on the screen in a web browser is something they just “downloaded”.

    All it takes is landing on the wrong webpage these days.


About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2025 - All rights reserved