- Trend Micro warns of an old Windows zero-day still in use today
- Many nation-states are abusing the bug to run espionage campaigns
- Microsoft doesn’t deem it critical
A Windows zero-day vulnerability that has remained unpatched for eight years has been exploited by 11 nation-state attackers and countless financially motivated groups, experts have warned.
Trend Micro’s Zero Day Initiative (ZDI) criticized Microsoft for downplaying the importance of the findings into the vulnerability, tracked as ZDI-CAN-25373, which is a flaw in Windows that allows attackers to craft malicious shortcut (.lnk) files, enabling the execution of hidden commands when a user interacts with these files.
The flaw can be abused by embedding harmful code within the .lnk file, which the victim then unknowingly runs when opening the shortcut. The vulnerability was used in data theft attacks, espionage, and malware distribution.
“Very detailed information”
The researchers said the bug has been in use since 2017, and that they found some 1,000 weaponized .lnk files recently. The total number, obviously, is much bigger.
After sifting through the files, ZDI said the majority came from nation-state actors (70%), and were used in espionage or data theft. Of that number, almost half (46%) were built by North Korean actors, followed by Russia, Iran, and China, with roughly 18% each. The rest fell to financially motivated groups.
That being said, most victims are government agencies, followed by firms in the private sector, financial organizations, think tanks, and telecommunications firms.
The researchers also slammed Microsoft for allegedly downplaying the issue: “We told Microsoft but they consider it a UI issue, not a security issue. So it doesn’t meet their bar for servicing as a security update, but it might be fixed in a later OS version, or something along those lines,” Dustin Childs, head of threat awareness at the Zero Day Initiative, told The Register.
“We consider that a security thing. Again, not a critical security thing, but certainly worth addressing through a security update,” Childs opined.
Microsoft seems to agree, at least about the “not critical” part. A spokesperson told The Register: “While the UI experience described in the report does not meet the bar for immediate servicing under our severity classification guidelines, we will consider addressing it in a future feature release.”
This article was written by: Nermeen Nabil Khear Abdelmalak