You have been warned — do not open these highly dangerous Windows files.
Update, June 9, 2025: This story, originally published on June 8, has been updated with a statement from Microsoft regarding the latest ongoing cyberattacks against Windows users. Windows users are under attack.
Yes, I know, Windows users are always under attack, it’s a byproduct of there being so many of them and threat actors focusing on such big platforms that can offer the potential for significant returns. While, and install them quickly. But what if the threat is not only well known among the cybercriminal community, has existed for many years, and still hasn’t been given a Common Vulnerabilities and Exposures identifier? Welcome to the highly dangerous world of Windows LNK file cyberattacks that are happening right now. Do not open these files.The Common Vulnerabilities and Exposures system might not be perfect, but it does provide a standard and actionable method of identifying and prioritizing security vulnerabilities wherever they occur. Security vulnerabilities such as the one that impacts LNK shortcut files in the Windows operating system, and has done for many years now. Or at least it would have had the vulnerability in question been allocated a CVE identifier, which it hasn’t. Alexander Kolesnikov, a malware analyst at Kaspersky Lab, has issued a warning to all Windows users as Kaspersky’s Global Research and Analysis Team, the Windows LNK file vulnerability in question, has already been seen being exploited this year in zero-day attacks by cybercriminal and state-sponsored actors according to the security researchers at Trend Micro.Cristiano Ronaldo Sends Message To FC Barcelona Ace Lamine Yamal After Nations League WinZDI-CAN-25373, the Windows LNK file vulnerability in question, has already been seen being exploited in zero-day attacks by cybercriminal and state-sponsored actors, according to security researchers at Trend Micro. Now, Kolesnikov has warned that it is being actively exploited and enables threat actors to launch attacks that are obfuscated from the victim. “The main issue is that File Explorer does not fully display the data specified as parameters in application shortcuts,” Kolesnikov explained. What this means is that attackers can apply additional characters in the target field, things like spaces and line breaks for example, so that the user only sees the legitimate-looking path and has no cause for concern that anything is amiss. That’s far from the reality though, as malicious commands added, but obscured from view in File Explorer, can be used to compromise the Windows system once the LNK file is executed. “Only the first part of the path is shown in the shortcut’s properties,” Kolesnikov reiterated, adding that “the target field might include arguments at the end of the line that trigger a request to download a payload using powershell.exe.”“We appreciate the work of ZDI in submitting this report under a coordinated vulnerability disclosure. Microsoft Defender has detections in place to detect and block this threat activity, and the Smart App Control provides an extra layer of protection by blocking malicious files from the Internet. As a security best practice, we encourage customers to exercise caution when downloading files from unknown sources as indicated in security warnings, which have been designed to recognize and warn users about potentially harmful files. While the UI experience described in the report does not meet the bar for immediate servicing under ourWindows users should be comforted to some degree in that Microsoft Defender includes content scanning functionality that will examine files, including these LNK ones, and is aware of the techniques used by attackers. This means that Microsoft Defender can identify malicious LNK files. The Microsoft spokesperson told me that the average Windows user does not inspect file properties. So the method described by the researchers is of limited practical use to an attacker. I’m not sure I’m 100% on board with that, and maybe if users did look at file properties before executing them, then less malware would get through. Microsoft also told me that Windows identifies LNK shortcut files as a “potentially dangerous file type,” which means that when a user attempts to open one that had been downloaded from the internet, a security warning is automatically triggered. This warning, quite correctly, advises the user not to open files from unknown sources. “We strongly recommend heeding this warning,” Microsoft said.
Windows Cyberattack LNK Files Kapsersky Security Warning Cybersecurity Operating System Security Do Not Open These Windows Files
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Warning — Microsoft Windows Defender Can Be Disabled By HackersA new hacker tool disables Windows Defender, leaving you vulnerable to attack.
Read more »
Get Microsoft Windows 11 Pro for only $15 — Get it before Windows 10 endsIt’s time to take advantage of this opportunity to transform your Windows 10 computer into a beast, while Microsoft Windows 11 Pro is just $14.97.
Read more »
Get Microsoft Windows 11 Pro for only $15 — Get it before Windows 10 endsIt’s time to take advantage of this opportunity to transform your Windows 10 computer into a beast, while Microsoft Windows 11 Pro is just $14.97.
Read more »
Get Microsoft Windows 11 Pro for only $15 — Get it before Windows 10 endsIt’s time to take advantage of this opportunity to transform your Windows 10 computer into a beast, while Microsoft Windows 11 Pro is just $14.97.
Read more »
New Windows 10 Update Warning — Startup Loop Confirmed By MicrosoftMicrosoft has confirmed that the latest Windows 10 security update is leaving some users in a startup loop nightmare.
Read more »
Microsoft Windows Cyberattack Warning — Do Not Open These FilesYou have been warned — do not open these highly dangerous Windows files.
Read more »