Summary: An unpatched security vulnerability in Microsoft Windows has been exploited by 11 state-sponsored groups to execute hidden malicious commands through crafted .LNK files, creating significant risks of data theft and cyber espionage. Discovered by Trend Micro's Zero Day Initiative (ZDI), the flaw has been exploited since 2017 against various organizations globally. Microsoft has classified the vulnerability as low severity and does not intend to issue a fix, despite ongoing exploitation by various threat actors, predominantly from North Korea.
Affected: Microsoft Windows
Keypoints:
- Vulnerability ZDI-CAN-25373 allows execution of hidden commands via .LNK files.
- Nearly 1,000 malicious .LNK file artifacts linked to attacks from state-sponsored groups.
- Targets include governments, private entities, and military agencies across several countries.
- Evil Corp, Kimsuky, and other threat actors use the exploit to deliver malware like Lumma Stealer.
- Microsoft considers the vulnerability to be of low severity and will not release a fix.
Source: https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html