Windows vulnerability exploited since 2017, no patch available yet

Researchers from Trend Micro report that a Windows vulnerability has been actively exploited for eight years. To date, no patch is available.

Security researchers from Trend Micro discovered a Windows vulnerability that attackers have used to execute malicious commands since 2017. The attackers use malicious Shell Link (.lnk) files that exploit the vulnerability, tracked as ZDI-CAN-25373. Microsoft informed The Register that the technical fix is “incredibly difficult” to implement. Therefore, the company has not taken any action to date.

The attacks use .lnk shortcut files. These appear to be trustworthy files at first glance, but they contain hidden instructions to download malware. Trend Micro discovered that North Korean attackers have added megabytes of whitespace to the command-line arguments. This padding makes the attack invisible.
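A defensive check for the whitespace padding described above, added here as an example (not code from Trend Micro or Microsoft): it reads the StringData section of a .lnk file following the MS-SHLLINK layout and flags command-line arguments that contain a long run of whitespace. The function names, the 64-character threshold, the cp1252 fallback and the sample builder are assumptions for illustration.

```python
import struct

HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData fields in on-disk order, with the LinkFlags bit that enables each.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
PADDING_CHARS = " \t\n\x0b\x0c\r"
MAX_WS_RUN = 64  # assumed threshold; tune against your own benign shortcuts

def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields of a Shell Link (.lnk) file."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76  # fixed-size ShellLinkHeader
    if flags & HAS_ID_LIST:    # LinkTargetIDList: 2-byte size, then that many bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfo: 4-byte size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1
    enc = "utf-16-le" if width == 2 else "cp1252"  # ANSI code page is assumed
    fields = {}
    for bit, name in STRING_FIELDS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters
            raw = data[pos + 2: pos + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError("truncated StringData")
            fields[name] = raw.decode(enc, "replace")
            pos += 2 + count * width
    return fields

def longest_ws_run(text: str) -> int:
    """Length of the longest run of consecutive padding characters."""
    best = run = 0
    for ch in text:
        run = run + 1 if ch in PADDING_CHARS else 0
        best = max(best, run)
    return best

def is_padded(data: bytes) -> bool:
    """True when the arguments field holds a suspiciously long whitespace run."""
    args = parse_lnk_strings(data).get("arguments", "")
    return longest_ws_run(args) > MAX_WS_RUN

def build_sample(arguments: str) -> bytes:
    """Constructed minimal .lnk: header plus a Unicode arguments string only."""
    clsid = bytes.fromhex("0114020000000000c000000000000046")  # Shell Link CLSID
    header = struct.pack("<I16sI", 0x4C, clsid, 0x20 | IS_UNICODE).ljust(76, b"\0")
    return header + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
```

Because the check reads the raw arguments field, it sees the whole string, including any part hidden behind the padding.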

The researchers found that the vulnerability has been exploited since 2017. Nearly a thousand malicious .lnk files have already been identified, but this number may increase. Trend Micro also mentions that at least eleven state-sponsored groups have exploited the vulnerability. Almost half of the attacks are linked to North Korea.

Despite Trend Micro’s research, Microsoft has not yet published a patch. “We told Microsoft, but they consider it a UI issue, not a security issue. So it doesn’t meet their bar for maintenance as a security update, but it might be fixed in a later OS version, or something along those lines,” said Dustin Childs, head of threat awareness at the Zero Day Initiative, to The Register.