Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Microsoft Fixes Windows Shortcut Flaw Exploited for Years

Microsoft fixed a Windows shortcut flaw exploited in nearly 1,000 samples since 2017 that allowed hidden command execution by attackers, including state-sponsored groups.

  • On November 12, Microsoft released a patch fixing 63 vulnerabilities, including the Windows LNK UI flaw tracked as CVE-2025-9491 with a 7.8 severity score.
  • Trend Micro researchers reported nearly a thousand malicious samples dating back years ago, while Zero Day Initiative repeatedly sought a fix Microsoft called 'low severity'.
  • By hiding arguments with non-printing characters, attackers padded command-line arguments with whitespace or non-printing characters so the Target field appears harmless, enabling hidden execution in the current user context.
  • Patch-Watcher 0patch reported Microsoft rolled out a silent mitigation so the Properties dialog now reveals the full command, but defenders warn many affected Windows machines may remain compromised.
  • The LNK format proved valuable because short files bypass many filters yet enable full remote code execution; Arctic Wolf Labs reported UNC6384 used CVE-2025-9491 in spear-phishing with PlugX in Europe.
Insights by Ground AI
Podcasts & Opinions

11 Articles

Tech RadarTech Radar
Center

Microsoft quietly patches LNK vulnerability that's been weaponized for years

The November Patch Tuesday fixed an age-old bug being exploited by nation-states.

·United Kingdom
Read Full Article
The RegisterThe Register
Center

Microsoft fixes Windows shortcut flaw exploited for years

: Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files

Read Full Article
NumeramaNumerama

Microsoft Has Discreetly Crafted a Solution for a Security Flaw that Has Been Operating for 8 Years

Referenced under the technical name CVE-2025-9491, a flaw in Windows (.lnk) shortcut files has been exploited for years by espionage groups and cybercriminals, for their ability to inject malicious code in a hidden way. We are in 2017, and for the first time, Trend

Read Full Article
technewstube.comtechnewstube.com

Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse

Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks. . . .

Read Full Article
CSO OnlineCSO Online

Windows shortcuts’ use as a vector for malware may be cut short

A third-party patch management company is cutting short attackers’ use of LNK files to smuggle in malicious commands, while Microsoft prefers to tell the whole story.

Read Full Article
TechRepublicTechRepublic

Microsoft Silently Fixes 8-Year Windows Security Flaw

The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through Windows' standard interface.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

The Hacker News broke the news in on Wednesday, December 3, 2025.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Cyberattacks icon

Cyberattacks

Security icon

Security

Windows icon

Windows

Cybercrimes icon

Cybercrimes

Espionage icon

Espionage

Microsoft icon

Microsoft

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal