Microsoft 'Mitigates' Windows LNK Flaw Exploited As Zero-Day (bleepingcomputer.com)
- Reference: 0180287041
- News link: https://it.slashdot.org/story/25/12/04/1744255/microsoft-mitigates-windows-lnk-flaw-exploited-as-zero-day
- Source link: https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-lnk-flaw-exploited-as-zero-day/
> Microsoft has [2]silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. Tracked as [3]CVE-2025-9491, this security flaw allows attackers to hide malicious commands within Windows LNK files, which can be used to deploy malware and gain persistence on compromised devices. However, the attacks require user interaction to succeed, as they involve tricking potential victims into opening malicious Windows Shell Link (.lnk) files. Thus some element of social engineering, and a technically naive and gullible user (one who thinks, for instance, that Windows is secure), is required. [...]
>
> As Trend Micro threat analysts discovered in March 2025, CVE-2025-9491 was already being widely exploited by 11 state-sponsored groups and cybercrime gangs, including Evil Corp, Bitter, APT37, APT43 (also known as Kimsuky), Mustang Panda, SideWinder, RedHotel, Konni, and others. Microsoft told BleepingComputer in March that it would "consider addressing" this zero-day flaw, even though it didn't "meet the bar for immediate servicing." As ACROS Security CEO and 0patch co-founder Mitja Kolsek found, Microsoft silently changed LNK files in the November updates in an apparent effort to mitigate the CVE-2025-9491 flaw. After installing last month's updates, users can now see all characters in the Target field when opening the Properties of LNK files, not just the first 260. As the movie The Ninth Gate stated: "silentium est aurum."
[1] https://slashdot.org/~joshuark
[2] https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-lnk-flaw-exploited-as-zero-day/
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-9491
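The trick behind the flaw summarised above is that the shortcut's COMMAND_LINE_ARGUMENTS string is padded with a long run of whitespace, so the first 260 characters of the Target field in the Properties dialog look empty or benign while the real command sits past the visible window. The following is an added example, not code from the article, BleepingComputer, Microsoft, Trend Micro or 0patch: it parses the ShellLinkHeader and StringData section of a .lnk file according to the public [MS-SHLLINK] layout and flags shortcuts whose arguments start with a long whitespace run or whose target text runs past the 260 characters the old dialog displayed. The padding character set matches the six whitespace characters reported in the public analysis of the exploited samples; the thresholds PAD_THRESHOLD and VISIBLE_TARGET_CHARS, the build_lnk helper, both sample shortcuts (calc.exe stands in for a payload) and the cp1252 fallback for non-Unicode strings are assumptions made for this example.

```python
import struct

# [MS-SHLLINK] header constants.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
# StringData fields appear in this order, each only if its flag is set.
STRING_FIELDS = [("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION)]

# Detection parameters: assumptions for this example, not values from the advisory.
PADDING_CHARS = " \t\n\v\f\r"   # Space, HT, LF, VT, FF, CR: all render as blank space
VISIBLE_TARGET_CHARS = 260       # how much of the Target field the pre-fix dialog showed
PAD_THRESHOLD = 16               # more leading whitespace than a legitimate shortcut needs


def parse_lnk(data: bytes) -> dict:
    """Parse the header and StringData of a Shell Link file; raise ValueError on junk."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # uint16 IDListSize, then the IDList
        (idlist_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idlist_size
    if flags & HAS_LINK_INFO:                    # first uint32 is the whole LinkInfo size
        (linkinfo_size,) = struct.unpack_from("<I", data, pos)
        pos += linkinfo_size
    unicode = bool(flags & IS_UNICODE)
    strings = {}
    for name, flag in STRING_FIELDS:
        if not flags & flag:
            continue
        (count,) = struct.unpack_from("<H", data, pos)   # CountCharacters, no terminator
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated {name} string")
        pos += nbytes
        # cp1252 for the ANSI case is an assumption (the real code page is the system's).
        strings[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
    return {"flags": flags, "strings": strings}


def is_lnk(data: bytes) -> bool:
    """True if parse_lnk accepts the blob as a Shell Link file."""
    try:
        parse_lnk(data)
        return True
    except ValueError:
        return False


def analyze_lnk(data: bytes) -> dict:
    """Flag shortcuts whose real command would be pushed out of the visible Target box."""
    strings = parse_lnk(data)["strings"]
    args = strings.get("arguments", "")
    leading_pad = len(args) - len(args.lstrip(PADDING_CHARS))
    # The Target box shows "<path> <arguments>"; RELATIVE_PATH approximates the path here.
    target_text = strings.get("relative_path", "") + " " + args
    hidden_tail = target_text[VISIBLE_TARGET_CHARS:].strip(PADDING_CHARS)
    findings = []
    if leading_pad >= PAD_THRESHOLD:
        findings.append(f"{leading_pad} leading whitespace characters in COMMAND_LINE_ARGUMENTS")
    if hidden_tail:
        findings.append(f"command text beyond the first {VISIBLE_TARGET_CHARS} displayed characters")
    return {"arguments": args, "leading_padding": leading_pad,
            "hidden_tail": hidden_tail, "findings": findings, "suspicious": bool(findings)}


def build_lnk(relative_path: str, working_dir: str, arguments: str) -> bytes:
    """Build a minimal Unicode .lnk (no IDList, no LinkInfo) so the example runs offline."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIiIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)   # SW_SHOWNORMAL, zero timestamps

    def string_data(s: str) -> bytes:                      # CountCharacters + UTF-16LE chars
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return (header + string_data(relative_path) + string_data(working_dir)
            + string_data(arguments) + struct.pack("<I", 0))  # TerminalBlock ends ExtraData


# Constructed samples: a normal shortcut and one using the padding trick.
CMD = "..\\..\\Windows\\System32\\cmd.exe"
BENIGN_LNK = build_lnk(CMD, "C:\\Windows\\System32", "/c echo hello")
PADDED_LNK = build_lnk(CMD, "C:\\Windows\\System32", (" \t\n\v\f\r" * 50) + "/c calc.exe")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("padded", PADDED_LNK)):
        result = analyze_lnk(blob)
        print(label, "SUSPICIOUS" if result["suspicious"] else "clean", result["findings"])
```

Run against a directory of shortcuts by reading each file into analyze_lnk; anything with findings deserves a look at the stripped hidden_tail before anyone double-clicks it. The parser deliberately stops after StringData, so EnvironmentVariableDataBlock and other ExtraData blocks (which can also carry a target path) are not inspected; that is a known gap of this example, not of the format.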
Pop up videos on /. (Score:1)
I have pop up videos on my main /. page! Whose fucking idea was this?
Re: (Score:2)
me too.
the clock is ticking down on this site.
the whole internet actually, but this is one of the last few sites I still visit.
I'll miss you bunch of bad tempered opinionated jackasses.
but not very much
Re: (Score:3)
I don't, but I'm also not running Chrome. Firefox (and siblings) still allows the full uBlock Origin experience that makes all this crap go away by default.
Discover the Zen browser.
Re: (Score:2)
Looks like Privacy Badger is at least preventing it from playing.
sigh Users (Score:5, Informative)
[1]https://msrc.microsoft.com/upd... [microsoft.com]
Files that are typed .lnk are not deliverable over a browser and must be packaged into a .zip file first, then unzipped by the victim.
Windows identifies shortcut files (.lnk) as a potentially dangerous file type. Attempting to open a .lnk file downloaded from the Internet automatically triggers a security warning advising users not to open files from unknown sources, and we strongly recommend heeding this warning.
Double-clicking on a .lnk file produces a warning stating that the file format is not trusted; a victim must click through this prompt.
Why are we so easily socially engineered to do these things?
[1] https://msrc.microsoft.com/update-guide/advisory/ADV25258226
Re: sigh Users (Score:2)
I get most of those warnings opening Excel files from a corporate virtual machine that delivers our reporting. I doubt I'm the only person that has to do this.
The warnings are so omnipresent I imagine it's super easy to social engineer around them. Probably just tell people there's celebrity boobies to be seen or something.
Re: (Score:1)
> Why are we so easily socially engineered to do these things?
Apparently you don't understand how many stupid people there are in the world. Really, really, seriously stupid.
These vulnerabilities (Score:2)
Should be immediately disclosed. Yes, it gives hackers an opportunity to learn about them, but it gives IT Sec admins the ability to mitigate them. As Tommy Lee Jones once said in the movie Volcano "I can only fight what I can see."