
A serious security flaw in Windows has remained unpatched for over eight years, despite being actively exploited in the wild, raising questions about Microsoft’s handling of critical vulnerabilities. The vulnerability, identified as CVE-2025-9491, affects the processing of LNK files and has already been used in thousands of attacks. Recent reports by Arctic Wolf reveal that hacker groups targeted several EU countries—including Belgium, Hungary, Italy, Serbia, and the Netherlands—at the end of 2024, using this flaw to go after diplomats.
The attack method is alarmingly simple: hackers deliver a malicious LNK file, often via phishing, and when the victim opens it, the file executes code that can compromise the system. In the latest incidents, attackers attempted to inject Trojan malware that enables remote access, potentially allowing them to execute a broad range of commands on affected devices. Historical patterns show that hacker groups from China, Iran, North Korea, and Russia have all employed similar techniques using this vulnerability.
Despite repeated notifications to Microsoft through Trend ZDI’s bug bounty program, the flaw remains unpatched. Security experts are baffled by the lack of action, warning that further attacks are almost inevitable. In the meantime, Windows administrators are advised to block the execution of LNK files from unknown sources to protect systems until a fix is provided.
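One way to support the advice to block LNK files from unknown sources is to flag shortcuts at the mail or download gateway before they reach a user. The sketch below is an added example, not code from the article or from any vendor: it recognizes Shell Link files by extension or by their fixed file header, and goes slightly beyond the text by also looking inside ZIP attachments. The function names, the size and depth limits, and the sample archive are assumptions made for illustration.

```python
import io
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x0000004C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MAX_DEPTH = 3                   # assumption: how deep to follow nested archives
MAX_MEMBER = 20 * 1024 * 1024   # assumption: skip members larger than 20 MiB


def is_lnk(data: bytes) -> bool:
    """True when the content starts with a Shell Link header."""
    return data.startswith(LNK_MAGIC)


def find_lnk(name: str, data: bytes, depth: int = 0) -> list[str]:
    """Return the path of every shortcut found in one attachment."""
    if is_lnk(data) or name.lower().endswith(".lnk"):
        return [name]
    hits: list[str] = []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                member = f"{name}!{info.filename}"
                hits += find_lnk(member, zf.read(info), depth + 1)
    return hits


def build_sample_zip() -> bytes:
    """Constructed sample: an archive holding a note and two fake shortcuts."""
    fake_lnk = LNK_MAGIC + bytes(56)  # header-sized stub, not a working shortcut
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "meeting at 10:00")
        zf.writestr("agenda.pdf.lnk", fake_lnk)
        zf.writestr("minutes.pdf", fake_lnk)  # shortcut content, other extension
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_lnk("invitation.zip", build_sample_zip()):
        print("quarantine:", hit)
```

Members that exceed the size limit are skipped here; a production filter would normally hold such attachments for review instead of passing them through.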




