Security researchers at Trend Micro have uncovered a Windows vulnerability, tracked as ZDI-CAN-25373, that attackers have been exploiting since at least 2017. Through this flaw, attackers can execute malicious code on an affected Windows computer when the user visits a malicious website or opens a malicious file.
The vulnerability lies in how Windows processes .lnk (shortcut) files. Attackers can embed command-line arguments in a shortcut that remain invisible to the Windows user; once the user opens the file, these hidden commands are executed. According to Trend Micro, at least eleven hacker groups, associated with state actors such as North Korea, Iran, Russia, and China, are taking advantage of this vulnerability. The targets are not individual users but government institutions and organizations in various parts of the world, typically in sectors such as finance, military, telecommunications, or energy, which are being spied on.
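The publicly documented hiding technique in these samples is padding the shortcut's COMMAND_LINE_ARGUMENTS field with whitespace so the real command is pushed out of view in the Properties dialog. The following is an added defender-side example, not code from the article or from Trend Micro: a minimal parser for the Shell Link (MS-SHLLINK) format that extracts the argument string and flags excessive whitespace padding. The threshold of 32 padding characters, the cp1252 fallback for non-Unicode strings, and the `build_lnk` test fixture are assumptions made here.

```python
"""Parse a Shell Link (.lnk) file and flag whitespace-padded command-line arguments."""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = (
    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80)
# Whitespace characters reported as padding in the ZDI-CAN-25373 samples.
PAD_CHARS = " \t\n\v\f\r"


def _read_string(data, pos, unicode):
    """StringData item: 2-byte character count followed by the characters (no terminator)."""
    count = struct.unpack_from("<H", data, pos)[0]
    pos += 2
    nbytes = count * 2 if unicode else count
    raw = data[pos:pos + nbytes]
    # Assumption: non-Unicode shortcuts are decoded as cp1252 (real files use the system code page).
    return (raw.decode("utf-16-le") if unicode else raw.decode("cp1252")), pos + nbytes


def lnk_arguments(data):
    """Return the COMMAND_LINE_ARGUMENTS string of a .lnk, or None if the shortcut has none."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C                                   # fixed-size ShellLinkHeader
    if flags & HAS_IDLIST:                       # LinkTargetIDList: 2-byte size + IDList bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                     # LinkInfo: its 4-byte size field covers the whole block
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    args = None
    for flag in (HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS, HAS_ICON):  # StringData order
        if flags & flag:
            s, pos = _read_string(data, pos, unicode)
            if flag == HAS_ARGS:
                args = s
    return args


def padding_verdict(args, threshold=32):
    """Count whitespace in the arguments; flag heavy padding or any control whitespace."""
    if not args:
        return {"suspicious": False, "padding": 0, "visible_command": ""}
    padding = sum(args.count(c) for c in PAD_CHARS)
    control = any(c in args for c in "\t\n\v\f\r")  # tabs/newlines are not normal in shortcut args
    return {"suspicious": padding >= threshold or control, "padding": padding,
            "visible_command": args.strip(PAD_CHARS)}


def build_lnk(args):
    """Constructed minimal .lnk (header + COMMAND_LINE_ARGUMENTS only) used to test the parser."""
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", HAS_ARGS | IS_UNICODE) + b"\0" * 52
    return header + struct.pack("<H", len(args)) + args.encode("utf-16-le")
```

Run `padding_verdict(lnk_arguments(open(path, "rb").read()))` over a directory of shortcuts to triage them; `visible_command` shows what the dialog would have hidden.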
The targeted institutions are located in North America, Europe, Asia, South America, and Australia. In Europe, institutions from Germany seem to be especially targeted. The security researchers state: “We have discovered nearly a thousand Shell Link (.lnk) samples exploiting ZDI-CAN-25373; however, it is likely that the total number of exploitation attempts is much higher. Subsequently, we submitted a proof-of-concept exploit as part of Trend ZDI’s Bug Bounty program to Microsoft, which declined to fix this vulnerability with a security patch.”
This finding underscores the persistent threat of cyberattacks and the importance of remaining vigilant against such activity. With several state-sponsored groups exploiting vulnerabilities for espionage, organizations and government entities need to prioritize cybersecurity measures. As technology advances, so do attackers' capabilities, so security teams must continuously monitor for and address potential vulnerabilities before they are exploited.
Microsoft's refusal to address this particular vulnerability raises concerns about the effectiveness of current security processes and the need for closer collaboration between security researchers and software vendors. As cyber threats evolve, all stakeholders need to work together to strengthen the resilience of digital infrastructure and protect sensitive information from compromise.
In light of these developments, Windows users are advised to keep up with security patches and to be cautious when opening files or visiting websites, especially those of unknown origin. By practicing good cyber hygiene and staying informed about emerging threats, individuals and organizations can reduce the risk posed by such attacks and safeguard their digital assets.