- Trend Micro warns of an old Windows zero-day still in use today
- Many nation-states are abusing the flaw to run espionage campaigns
- Microsoft doesn’t consider it critical
A Windows zero-day vulnerability that has remained unpatched for eight years is being abused by nation-state actors and countless financially motivated groups, experts have warned.
Trend Micro's Zero Day Initiative (ZDI) criticized Microsoft for downplaying the importance of its findings on the vulnerability, tracked as ZDI-CAN-25373, a flaw in Windows that lets attackers craft malicious shortcut (.LNK) files that execute hidden commands when a user interacts with them.
The flaw is abused by embedding harmful code within the .LNK file, which the victim runs unknowingly when opening the shortcut. The vulnerability has been used in data theft, espionage and malware distribution attacks.
“Very detailed information”
The researchers said the flaw has been in use since 2017, and that they found about 1,000 weaponized .LNK files recently. The total number is obviously much larger.
After examining the files, ZDI said that the majority came from nation-state actors (70%) and were used in espionage or data theft. Of that number, almost half (46%) were built by North Korean actors, followed by Russia, Iran and China, with approximately 18% each. The rest came from financially motivated groups.
Most victims are government agencies, followed by private-sector companies, financial organizations, think tanks and telecommunications companies.
The researchers also criticized Microsoft for allegedly downplaying the problem: “We told Microsoft, but they consider it a user interface problem, not a security problem. Therefore, it does not meet their bar for servicing as a security update, but it could be fixed in a version of the operating system, or something along those lines,” Dustin Childs, head of threat awareness at the Zero Day Initiative, told The Register.
“We consider that it is a security thing. Again, it is not a critical security thing, but it is certainly worth addressing through a security update,” said Childs.
Microsoft seems to agree, at least on the “non-critical” part. A spokesperson told The Register: “While the user interface experience described in the report does not meet the bar for immediate servicing under our severity classification guidelines, we will consider addressing it in a future feature release.”