Microsoft quietly patches LNK vulnerability that's been weaponized for years
Date:
Thu, 04 Dec 2025 15:00:00 +0000
Description:
The November Patch Tuesday fixed an age-old bug being exploited by nation-states.
FULL STORY ======================================================================
- Microsoft's November 2025 Patch Tuesday fixed 63 flaws, including CVE-2025-9491 in Windows LNK files
- The bug let attackers hide malicious commands in shortcut files, enabling RCE attacks
- Exploited since 2017 by state-sponsored groups from China, Iran, North Korea, and Russia; severity rated 7.8/10
The November 2025 Patch Tuesday cumulative update fixed a vulnerability that hackers have been exploiting for years.
On November 12, Microsoft released a patch that addressed 63 vulnerabilities. Among them was a Microsoft Windows LNK file UI misrepresentation vulnerability that enabled Remote Code Execution (RCE) attacks via weaponized shortcut (.LNK) files.
According to the National Vulnerability Database (NVD), crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user.
Abused for years
In other words, the bug lets attackers hide what the shortcut really does. When a victim right-clicks the shortcut file to check its properties, Windows hides the file's full path and commands it will run, making the file appear safe even when it isn't.
The bug is now tracked as CVE-2025-9491 and has a severity score of 7.8/10 (high).
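One way for a defender to see what a shortcut will actually run without relying on the Properties dialog, as an added example that is not part of the original article: a reader for the string fields of the .LNK format as documented in Microsoft's MS-SHLLINK specification. The function names, the cp1252 fallback for non-Unicode strings and the 200-character review threshold are assumptions for illustration.

```python
import struct

# LinkFlags bits from the Shell Link (.LNK) binary format specification, MS-SHLLINK
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS, HAS_ICON = 0x04, 0x08, 0x10, 0x20, 0x40
IS_UNICODE = 0x80
HEADER_SIZE = 0x4C

def read_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields exactly as stored in the shortcut."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_ID_LIST:          # 2-byte size, then the ID list itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:        # 4-byte size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    # Non-Unicode strings use the system code page; cp1252 is an assumption here
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    out = {}
    for bit, name in ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                      (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                      (HAS_ICON, "icon_location")):
        if not flags & bit:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated StringData field: " + name)
        count = struct.unpack_from("<H", data, pos)[0]   # length in characters
        end = pos + 2 + count * width
        if end > len(data):
            raise ValueError("truncated StringData field: " + name)
        out[name] = data[pos + 2:end].decode(codec, errors="replace")
        pos = end
    return out

def audit(data: bytes, review_len: int = 200) -> dict:
    """Summarise the stored command line; review_len is an assumed threshold."""
    args = read_lnk_strings(data).get("arguments", "")
    return {"length": len(args), "needs_review": len(args) > review_len,
            "arguments": repr(args)}   # repr() makes every stored character visible

def build_sample(arguments: str) -> bytes:
    """Constructed test input: a bare header plus one arguments field."""
    header = struct.pack("<I16sI", HEADER_SIZE, bytes(16), HAS_ARGS | IS_UNICODE)
    header = header.ljust(HEADER_SIZE, b"\x00")
    return header + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
```

Calling `audit(open(path, "rb").read())` on a shortcut pulled from mail or a download folder reports the complete stored arguments and their length, independent of what the Windows UI displays.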
Cybercriminals turned to .LNK files years ago, when Microsoft first banned the use of macros in downloaded Office files. In more recent times, Trend Micro's Zero Day Initiative (ZDI) reported that the bug was being weaponized by 11 state-sponsored groups from China, Iran, North Korea, and Russia, who were using it for cyber-espionage, data theft, and fraud, apparently since 2017.
At first, Microsoft did not want to fix it, telling The Hacker News it wasn't that big of a deal. It also said that the .LNK format is blocked in Outlook, Word, Excel, PowerPoint, and OneNote, and that whoever tried running these files would get a warning not to open documents from unknown sources.
However, since multiple cybersecurity companies warned about the abuse, and pointed out that state-sponsored attackers were using the bug too, Microsoft decided to fix it.
Via The Hacker News
======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-quietly-patches-lnk-vulnerability-thats-been-weaponized-for-years
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)