
Latest news with #WindowsLNK

Microsoft Windows Cyberattack Warning — Do Not Open These Files

Forbes

9 hours ago


Beware these dangerous Windows LNK files.

Windows users are under attack. Yes, I know, Windows users are always under attack; it's a byproduct of there being so many of them and of threat actors focusing on big platforms that offer the potential for significant returns. While Linux and macOS systems are far from immune to such attacks, it's Microsoft users who bear the brunt of it. Which is why it's so important to install updates that fix Windows vulnerabilities, and install them quickly. But what if the threat is well known among the cybercriminal community, has existed for many years, and still hasn't been given a Common Vulnerabilities and Exposures identifier? Welcome to the highly dangerous world of Windows LNK file cyberattacks that are happening right now. Do not open these files.

The Common Vulnerabilities and Exposures system might not be perfect, but it does provide a standard and actionable method of identifying and prioritizing security vulnerabilities wherever they occur. Security vulnerabilities such as the one that impacts LNK shortcut files in the Windows operating system, and has done for many years now. Or at least it would have, had the vulnerability in question been allocated a CVE identifier, which it hasn't.

Alexander Kolesnikov, a malware analyst at Kaspersky Lab, has issued a warning to all Windows users as Kaspersky's Global Research and Analysis Team revealed the most noteworthy Windows vulnerability being exploited so far in 2025. ZDI-CAN-25373, the Windows LNK file vulnerability in question, has already been seen being exploited this year in zero-day attacks by cybercriminal and state-sponsored actors, according to the security researchers at Trend Micro.
Now, Kolesnikov has warned that it is being actively exploited and enables threat actors to launch attacks that are obfuscated from the victim. 'The main issue is that File Explorer does not fully display the data specified as parameters in application shortcuts,' Kolesnikov explained. What this means is that attackers can apply additional characters in the target field, things like spaces and line breaks for example, so that the user only sees the legitimate-looking path and has no cause for concern that anything is amiss. That's far from the reality though, as malicious commands added, but obscured from view in File Explorer, can be used to compromise the Windows system once the LNK file is executed.

'Only the first part of the path is shown in the shortcut's properties,' Kolesnikov reiterated, adding that 'the target field might include arguments at the end of the line that trigger a request to download a payload using

'As a security best practice, we encourage customers to exercise caution when downloading files from unknown sources as indicated in security warnings, which have been designed to recognize and warn users about potentially harmful files,' a Microsoft spokesperson said.
