When it comes to Windows security, Microsoft is doing a commendable job. Protecting billions of devices is not a small achievement. Sometimes, however, it appears that a person in Microsoft is carrying forward the brakes about specific weaknesses.
Take the following attack method as an example. This .lnk shortcut is a vulnerability that is exploited to trigger malware downloads. it was Trend discovered by micro Informed Microsoft in 2024 and in September 2024.
Trend Micro security engineers say the issue has been exploited at least since the minimum 2017 and has already been found to be around 1,000 from these links in the wild.
These links include megabytes of WhatsApp characters according to trend micro to fool antivirus and other safety solutions. According to the researchers, only four countries – North Korea, China, Russia and Iran attack. Trend Micro revealed that most of the attacks come from the state-proposed attack employees and fall into information theft and espionage category. The government was most targeted, followed by private and financial sector, think tanks and telecommunications.
The attackers successfully download and install various malware payloads on the exploited system. Notorious payloads and loaders of them such as Lumma Staller or Galadar.
Microsoft has not worked on the information provided. Trend Micro says that it decided to go publicly with information due to the inaction of Microsoft. According to the researchers, the threat to the confidentiality, integrity and availability of data created by governments is “a significant risk”.
Microsoft classified the issue as a low severity according to the trend micro, indicating that the issue could not be patched in a “immediate future”.
In a comment registerA Microsoft spokesperson encouraged customers to “take care when downloading files from unknown sources”.
Shortcut files can be analyzed on the local Windows system. The problem with revelation vulnerability is that link files are specially designed. This means that the user will not see exploitation when analyzing the link shortcut according to the trend micro.
Some safety solutions can already identify these malicious shortcuts, other in the near future.
Now you: What is your take on this? Should Microsoft develop a fix and release it? Feel free to leave a comment below.
Thanks for reading..
