Microsoft has quietly patched a critical Windows shortcut (LNK) file vulnerability (CVE-2025-9491) that has been exploited since 2017 by various threat actors for remote code execution and espionage. Although Microsoft initially chose not to fully patch the flaw, it has released a workaround that improves the visibility of malicious commands in shortcut files. #CVE2025-9491 #LNKexploitation
Key points
- The vulnerability affects the handling of Windows shortcut (.LNK) files, allowing malicious code execution.
- Threat actors from China, Iran, North Korea, and Russia have exploited this flaw for espionage and data theft since 2017.
- Microsoft opted not to patch the flaw immediately, citing user warnings and system protections against untrusted formats.
- Shortcuts can contain long command strings, with only the first 260 characters visible, hiding malicious payloads.
- Microsoft released a patch to display complete command details and a micropatch warning users about long LNK files.
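The fourth point above is the whole detection problem in one sentence: the shortcut's COMMAND_LINE_ARGUMENTS string can be far longer than the portion the properties dialog displays. The script below is an added example, not code from the article or from Microsoft. It parses the StringData section of a .lnk file according to the public MS-SHLLINK layout (header, optional LinkTargetIDList and LinkInfo, then the five optional strings in fixed order), recovers the full argument string, and flags any shortcut whose arguments run past the 260-character display limit or whose visible portion is nothing but whitespace. The 260-character limit comes from the article; the blank-visible-portion heuristic, the `build_lnk` helper and the sample shortcuts it produces are constructed for this example.

```python
import struct

# LinkFlags bits from the MS-SHLLINK specification (ShellLinkHeader, offset 0x14)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

HEADER_SIZE = 0x4C
SHELL_LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
VISIBLE_LIMIT = 260  # characters of the Target field the Explorer dialog shows (per the article)

# StringData entries appear in this order, each present only when its flag is set
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields of a shell link as a dict of str."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        # uint16 IDListSize followed by the ItemIDList bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        # uint32 LinkInfoSize counts itself, so the whole structure is that many bytes
        pos += struct.unpack_from("<I", data, pos)[0]
    strings = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters, not bytes
        pos += 2
        if flags & IS_UNICODE:
            strings[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            strings[name] = data[pos:pos + count].decode("cp1252")
            pos += count
    return strings


def analyze_lnk(data: bytes) -> dict:
    """Split the argument string into what the dialog shows and what it hides."""
    args = parse_lnk_strings(data).get("arguments", "")
    visible, hidden = args[:VISIBLE_LIMIT], args[VISIBLE_LIMIT:]
    return {
        "arguments_length": len(args),
        "hidden_length": len(hidden),
        # heuristic (constructed for this example): a visible window that is all
        # whitespace means the analyst sees an empty Target field
        "visible_is_blank": bool(visible) and visible.strip() == "",
        "suspicious": len(hidden) > 0,
        "hidden_preview": hidden[:80],
    }


def build_lnk(arguments: str, include_id_list: bool = False) -> bytes:
    """Constructed helper: emit a minimal Unicode .lnk carrying only arguments."""
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I", header, 0, HEADER_SIZE)
    header[4:20] = SHELL_LINK_CLSID
    flags = HAS_ARGUMENTS | IS_UNICODE | (HAS_LINK_TARGET_ID_LIST if include_id_list else 0)
    struct.pack_into("<I", header, 0x14, flags)
    body = b""
    if include_id_list:
        body += struct.pack("<H", 2) + b"\x00\x00"  # IDList holding only the TerminalID
    body += struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return bytes(header) + body


def scan_file(path: str) -> dict:
    """Analyze a .lnk on disk; wrap analyze_lnk for use in a triage loop."""
    with open(path, "rb") as fh:
        return analyze_lnk(fh.read())


if __name__ == "__main__":
    # constructed samples: a normal shortcut and one whose real command sits past the limit
    print(analyze_lnk(build_lnk("/c echo hello")))
    print(analyze_lnk(build_lnk(" " * 300 + "[constructed-hidden-command]", include_id_list=True)))
```

`parse_lnk_strings` stops after StringData and ignores ExtraData blocks, which is enough for this check; for triage at scale, run `scan_file` over a mailbox export or download directory and review anything with `suspicious` set, reading `hidden_preview` rather than the Explorer dialog.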
Read More: https://thehackernews.com/2025/12/microsoft-silently-patches-windows-lnk.html