Uncovered: Unpatched Vulnerability in Windows LNK Files
In a recent report by the Zero-Day Initiative (ZDI), a high-risk vulnerability has been identified in how Microsoft Windows displays the contents of LNK files, designated CVE-2025-9491. The vulnerability, with a CVSS score of 7.0 and a risk level of "high", could allow network attackers to execute arbitrary code on affected Microsoft Windows installations.
Despite the seriousness of the issue, Microsoft has maintained its stance that the security gap does not reach the severity threshold for a fix. Discussions regarding the vulnerability have been ongoing for approximately half a year, but Microsoft has yet to assign an EUVD (Exploitability Index) to the vulnerability.
The vulnerability stems from the Windows user interface for displaying LNK files not showing dangerous contents. Attackers can exploit this by manipulating data in an LNK file so that those contents remain invisible. Potential victims may then execute malicious LNK files in good faith, because the flaw prevents them from seeing the harmful contents.
LNK files, used in Windows for shortcuts, have a defined structure. Fifteen years ago, a similar vulnerability in Windows LNK processing was exploited by criminals. Over time, LNK files have been used in various attacks; one observed use is to deliver a backdoor inside a QEMU Linux emulation, typically attached to a malicious email.
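The article says only that the LNK display hides contents once the file's data has been manipulated, and that LNK files have a defined structure; it does not say which field is altered. The following Python script is an added example, not code from the article, from ZDI or from Microsoft: it parses the shell link header and the StringData section (layout as in the public MS-SHLLINK format description) to recover the raw COMMAND_LINE_ARGUMENTS string, then applies generic heuristics (overall length, control characters, long whitespace runs; the thresholds are assumptions of this example) to flag argument strings that a short display field would not show in full. Because the UI is the part that cannot be trusted here, the point is to read the file bytes directly rather than rely on what Explorer renders. The sample LNK blobs are constructed inside the script.

```python
import struct

# Shell link header constants from the public MS-SHLLINK format description.
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits that decide which optional structures follow the header.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order, each present only if its flag is set.
STRING_DATA_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def parse_lnk(data: bytes) -> dict:
    """Return the LinkFlags and every StringData string stored in a .lnk blob."""
    header_size, clsid, link_flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Windows shell link file")
    pos = HEADER_SIZE
    if link_flags & HAS_LINK_TARGET_ID_LIST:       # skip IDListSize + IDList
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size
    if link_flags & HAS_LINK_INFO:                 # LinkInfoSize covers the whole block
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size
    unicode = bool(link_flags & IS_UNICODE)
    strings = {}
    for flag, name in STRING_DATA_FIELDS:
        if not link_flags & flag:
            continue
        (count,) = struct.unpack_from("<H", data, pos)   # CountCharacters, no terminator
        pos += 2
        width = 2 if unicode else 1
        raw = data[pos:pos + count * width]
        if len(raw) != count * width:
            raise ValueError(f"truncated {name} string")
        pos += count * width
        strings[name] = raw.decode("utf-16-le" if unicode else "cp1252")
    return {"flags": link_flags, "strings": strings}


def argument_findings(args: str, max_len: int = 256, pad_run: int = 8) -> list:
    """Generic indicators that an argument string is longer or stranger than what a
    short display field shows. Thresholds are assumptions of this example."""
    findings = []
    if len(args) > max_len:
        findings.append(f"arguments are {len(args)} characters long (limit {max_len})")
    if any(ord(ch) < 0x20 for ch in args):
        findings.append("arguments contain control characters")
    run = longest = 0
    for ch in args:
        run = run + 1 if ch.isspace() else 0
        longest = max(longest, run)
    if longest >= pad_run:
        findings.append(f"run of {longest} whitespace characters inside arguments")
    return findings


def triage_lnk(data: bytes) -> dict:
    """Parse a .lnk blob and attach findings about its raw argument string."""
    parsed = parse_lnk(data)
    args = parsed["strings"].get("arguments", "")
    return {"strings": parsed["strings"], "findings": argument_findings(args)}


def build_sample_lnk(relative_path: str, arguments: str) -> bytes:
    """Construct a minimal Unicode .lnk with only RELATIVE_PATH and ARGUMENTS set
    (constructed test data for this example; real shortcuts carry more structures)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sI", HEADER_SIZE, LNK_CLSID, flags)
    header += b"\x00" * (HEADER_SIZE - len(header))   # remaining header fields zeroed
    body = b""
    for text in (relative_path, arguments):
        body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body + struct.pack("<I", 0)        # ExtraData TerminalBlock


# Constructed samples: a plain shortcut and one whose arguments hide a tail behind padding.
BENIGN_LNK = build_sample_lnk("notepad.exe", "report.txt")
PADDED_LNK = build_sample_lnk("notepad.exe", "report.txt" + " " * 300 + "--verbose")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("padded", PADDED_LNK)):
        result = triage_lnk(blob)
        print(label, repr(result["strings"]["arguments"][:40]), result["findings"])
```

Run against real shortcuts arriving by email or in archives, the parser exposes the complete argument string regardless of what the property sheet renders, and the findings list gives a triage hook for mail gateways or endpoint tooling; tune the thresholds to the argument lengths that are normal in your own environment.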
The ZDI states that the vulnerability allows network attackers to execute arbitrary code on affected Microsoft Windows installations. This could potentially lead to a wide range of harmful activities, including data theft, system takeover, and more.
It is important to note that user interaction is required for exploitation: a user must visit a malicious page or open a malicious file before the vulnerability can be triggered. Even so, the potential consequences are significant, making it a concern for security professionals and users alike.
Microsoft's stance on the vulnerability has been met with criticism, and the ZDI has published a report on the high-risk vulnerability in LNK files despite Microsoft's refusal to acknowledge its severity. The affected operating system, Windows, is made by Microsoft and has been in existence for well over ten years; its current lineup, including Windows 10 and Windows 11, has been developed and updated for many years.
As the situation develops, it is crucial for users to remain vigilant and practise safe computing habits, such as not opening suspicious files or visiting untrusted websites. It is also recommended to keep the operating system and all installed software up to date to minimise the risk of exploitation of known vulnerabilities.