One of the biggest shows on Netflix at the moment is Zero Day, about the fallout of a catastrophic cyberattack in the US. A zero-day vulnerability is a security weakness the vendor does not yet know about, so no patch exists and the attackers who found it first have an open door into affected systems. Once the vendor learns of it, the aim is to ship a fix as quickly as possible and close the window of exposure.
This week, however, a report by Trend Micro revealed an alarming discovery. Not only did the company identify a Windows vulnerability that has been quietly exploited by 11 state-sponsored groups over the past eight years, but Microsoft isn’t planning to do anything about it.
Truth really is stranger than fiction.
See those shortcut icons on your Windows desktop, the ones you double-click to open a file or an app? Beneath their harmless appearance, those icons are .lnk files: Windows shortcuts that tell the system which program to launch, from which folder, and with which command-line arguments.
What attackers have discovered is that they can craft shortcuts that point at a perfectly legitimate program, such as cmd.exe or PowerShell, but carry extra arguments. Double-click one and it doesn’t just open the program; it also runs commands that steal data or download and execute malware.
Usually, you can see what a shortcut runs by opening its Properties and reading the Target field. In this case, the attackers bury the real arguments behind hundreds of whitespace characters (spaces, tabs and line breaks), so the visible part of the Target field shows only the innocent program path while the malicious command sits further along the line, out of view. These files arrive through phishing emails, fake downloads, or USB drives. On its own, a malicious .lnk runs with the privileges of the user who clicked it; combined with another flaw, such as a privilege escalation bug, it can give an attacker full control of the machine.
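To make the trick concrete, here is an added example in Python (not code from the original article or from Trend Micro): a minimal parser for the Shell Link (.lnk) binary format that extracts the COMMAND_LINE_ARGUMENTS string and flags shortcuts whose real arguments sit behind a run of whitespace. The two sample shortcuts are constructed inline for the demo; the build_lnk helper, the 32-character threshold and the PowerShell stand-in command are assumptions of this example, not details taken from the report.

```python
"""Minimal MS-SHLLINK (.lnk) parser that surfaces whitespace-padded arguments.

Added example: parses the header, skips the LinkTargetIDList and LinkInfo
sections, then reads the StringData fields (including COMMAND_LINE_ARGUMENTS).
"""
import struct

# Shell Link CLSID 00021401-0000-0000-C000-000000000046, little-endian on disk.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
# Whitespace characters a shortcut can carry in its arguments field.
PAD_CHARS = " \t\r\n\v\f"


def _read_string(buf, off, unicode):
    """StringData field: 2-byte character count, then the characters (no terminator)."""
    (n,) = struct.unpack_from("<H", buf, off)
    off += 2
    if unicode:
        text = buf[off:off + 2 * n].decode("utf-16-le")
        off += 2 * n
    else:
        text = buf[off:off + n].decode("cp1252", "replace")
        off += n
    return text, off


def parse_lnk(data):
    """Return the StringData fields of a .lnk as a dict; raise ValueError on non-.lnk input."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    (flags,) = struct.unpack_from("<I", data, 20)
    off = 76  # fixed-size header
    if flags & HAS_ID_LIST:       # IDListSize (2 bytes) + IDList
        (size,) = struct.unpack_from("<H", data, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:     # LinkInfoSize (4 bytes) counts itself
        (size,) = struct.unpack_from("<I", data, off)
        off += size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                       (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                       (HAS_ICON, "icon_location")):
        if flags & flag:
            fields[name], off = _read_string(data, off, unicode)
    return fields


def analyse_lnk(data, pad_threshold=32):
    """Flag arguments whose real content is pushed out of view by leading padding.

    pad_threshold is an assumption of this example: benign shortcuts have no
    leading whitespace in their arguments at all, so any control character is
    also treated as suspicious on its own.
    """
    fields = parse_lnk(data)
    args = fields.get("arguments", "")
    leading = len(args) - len(args.lstrip(PAD_CHARS))
    control = sum(args.count(c) for c in "\t\r\n\v\f")
    return {
        "relative_path": fields.get("relative_path", ""),
        "padding_chars": leading,
        "control_chars": control,
        "hidden_command": args.strip(PAD_CHARS),
        "suspicious": leading >= pad_threshold or control > 0,
    }


def build_lnk(relative_path, arguments):
    """Build a minimal Unicode .lnk (header, RELATIVE_PATH, COMMAND_LINE_ARGUMENTS,
    terminal block). Constructed for this demo; not a file from the reported campaigns."""
    flags = HAS_REL_PATH | HAS_ARGS | IS_UNICODE
    # HeaderSize, CLSID, LinkFlags, FileAttributes, 3 timestamps, FileSize,
    # IconIndex, ShowCommand (1 = SW_SHOWNORMAL), HotKey, Reserved1-3.
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)

    def field(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + field(relative_path) + field(arguments) + b"\x00\x00\x00\x00"


# Constructed samples: a benign shortcut and one that hides its command behind 900 spaces.
BENIGN = build_lnk(r"..\..\Windows\System32\cmd.exe", "/c echo hello")
PADDED = build_lnk(r"..\..\Windows\System32\cmd.exe",
                   " " * 900 + "/c powershell -WindowStyle Hidden -Command calc.exe")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("padded", PADDED)):
        print(label, analyse_lnk(sample))
```

To sweep real files, pass `open(path, "rb").read()` to `analyse_lnk`; the parser skips the IDList and LinkInfo sections rather than resolving them, so it reports the relative path only where the shortcut carries one. A hit tells you the arguments were deliberately pushed out of sight, not that the command itself is malicious, so review `hidden_command` before acting on it.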
According to Trend Micro, the vulnerability has been exploited by state-sponsored groups from North Korea, Iran, Russia and China. Targets include government departments and companies in the finance, telecommunications and energy sectors, spread across the globe.
Nearly 70% of the incidents Trend Micro identified were primarily for espionage, and over 20% were financially motivated; many of the groups pursue both, with one serving the other.
Microsoft sees the vulnerability as a UI issue, not a security problem. The company claims that the flaw “does not meet the bar for immediate servicing under our severity classification guidelines”.
There is also a suspicion that Microsoft’s reluctance stems from the technical complexity of a fix. Experts have suggested that closing the gap properly would need deeper changes than a routine security update can deliver.
Trend Micro identified the vulnerability last year and shared its findings with Microsoft; with no fix forthcoming, it went public to force the company’s hand. With Microsoft still refusing to budge, it has never been more important to build your own cyber resilience.
Unpatched vulnerabilities increase the risk of a data breach dramatically. Here’s what you should do in response:
Businesses can’t afford to wait for fixes that may never arrive. Now that the technique is public, cybercriminals worldwide have a blueprint to try on their next targets.
Don’t let unpatched vulnerabilities leave you picking up the pieces of your business. Microsoft may let you down, but Redstor’s backup and recovery solutions won’t. We protect the full Microsoft ecosystem, from M365 and Entra ID to Azure VMs and Blob storage.
Get in touch today to learn more.