Eight-Year Espionage Campaign Leveraging Unpatched Windows Shortcut Vulnerability

Trend Micro discovered an eight-year-old espionage campaign exploiting a vulnerability in Windows .LNK shortcut files. Attackers hide malicious commands by padding the shortcut's command-line arguments with megabytes of whitespace. Although Trend Micro reported this to Microsoft last September, Microsoft considers it a low-priority UI issue, not a security vulnerability, and refuses to patch it. The vulnerability has been used in attacks targeting governments, the private sector, and financial institutions, with 46% of attacks originating from North Korea. Trend Micro decided to publicly disclose the vulnerability because even local code execution, when combined with other exploits, easily compromises systems. Microsoft stated that it will consider addressing this in a future feature release and advised users to exercise caution when downloading files from unknown sources.