Monday, June 9, 2025
Latest:
News

Windows Users Urged to Beware as Dangerous LNK File Cyberattacks Surge

seanhackacademy

Microsoft Windows users are being urgently warned about a dangerous cyberattack exploiting a long-known yet unresolved security flaw involving Windows LNK files. Cybersecurity researchers at Kaspersky and Trend Micro have reported that the vulnerability, known as ZDI-CAN-25373, is actively being exploited by cybercriminals and state-sponsored attackers in a series of recent attacks.

A Long-Standing Security Gap

Despite the vulnerability existing for years, it has not been assigned a Common Vulnerabilities and Exposures (CVE) identifier—typically used to formally acknowledge and track security threats. Alexander Kolesnikov, a malware analyst at Kaspersky Lab, has specifically highlighted the ongoing threat posed by these malicious LNK files.

How the Attack Works

The LNK vulnerability exploits a flaw in Windows File Explorer, which does not fully display certain parameters included in shortcut files. Attackers cleverly insert malicious commands hidden by spaces or line breaks at the end of file paths, tricking users into executing what appears to be legitimate shortcuts. Once activated, these hidden commands trigger malicious downloads via tools like PowerShell, potentially compromising the entire Windows system.

Microsoft’s Response

Microsoft acknowledges the issue but notes it does not currently meet the criteria for immediate action under its severity classification guidelines. However, Microsoft Defender already includes measures to detect and block these threats. Additionally, Windows automatically warns users when opening downloaded LNK files, cautioning against files from untrusted sources.

Despite these protective measures, security researchers remain cautious, urging users to stay vigilant, keep security software updated, and never open unfamiliar or suspicious LNK files.

Staying Safe

For now, the best protection is awareness and caution:

  • Do not open LNK files from unverified sources.

  • Ensure Microsoft Defender or equivalent antivirus software remains updated.

  • Pay attention to security warnings displayed by Windows.

This latest warning underscores the persistent threats facing Windows users and the importance of proactive cybersecurity practices.

Photo Credit: DepositPhotos.com

Leave a Reply

Your email address will not be published. Required fields are marked *