- Trend Micro warns of an old zero-day still in use today
- Many nation states abuse the bug to carry out spy campaigns
- Microsoft does not consider it critical
A Windows zero-day vulnerability that has remained unpatched for eight years has been exploited by 11 nation-state attackers and countless financially motivated groups, experts have warned.
Trend Micro's Zero Day Initiative (ZDI) criticized Microsoft for downplaying the importance of its findings on the vulnerability, tracked as ZDI-CAN-25373, a flaw in Windows that allows attackers to craft malicious shortcut (.LNK) files, enabling the execution of hidden commands when a user interacts with these files.
This flaw can be abused by embedding harmful code in the .lnk file, which the victim then unknowingly executes when opening the shortcut. The vulnerability has been used in data theft attacks, espionage, and malware distribution.
“Very detailed information”
The researchers said that the bug has been used since 2017 and that they have found some 1,000 recently weaponized .LNK files. The total number, of course, is much larger.
After examining the files, ZDI said that the majority (70%) came from nation-state actors and were used in espionage or data theft. Of these, almost half (46%) were built by North Korean actors, followed by Russia, Iran, and China, with around 18% each. The rest came from financially motivated groups.
That said, most of the victims are government agencies, followed by private sector companies, financial organizations, think tanks, and telecommunications companies.
Researchers also criticized Microsoft for allegedly downplaying the problem: “We told Microsoft, but they consider it a user interface problem, not a security problem. It therefore does not meet their bar for servicing as a security update, but this could be fixed in a subsequent version of the operating system, or something along those lines,” Dustin Childs of the Zero Day Initiative told The Register.
“We consider it a security thing. Again, not a critical security thing, but it certainly deserves to be addressed through a security update,” said Childs.
Microsoft seems to agree, at least on the “non-critical” part. A spokesperson told The Register: “Although the user interface experience described in the report does not meet the bar for immediate servicing under our severity classification guidelines, we will consider addressing it in a future feature release.”




