Old Windows Flaw Still Exploited, Ignored by Microsoft

A vulnerability in Windows, dating back eight years, is reportedly being actively exploited for espionage, yet Microsoft has no plans to issue a fix. This zero-day, discovered by Trend Micro, involves malicious .LNK shortcut files used to deploy malware.

Shortcut Exploit: A Low-Tech but Effective Attack

The attack uses seemingly harmless shortcut files that, when clicked, execute hidden commands to download and run malware. These .LNK files appear to link to legitimate files but contain embedded instructions for malicious activities.

According to the Zero Day Initiative (ZDI), attackers, including those backed by North Korea, have been using whitespace padding in the command-line arguments to conceal the malicious commands from users. This makes it difficult to detect the true nature of the shortcut.
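The padding trick described above is easy to check for on disk: the command-line arguments live in the COMMAND_LINE_ARGUMENTS string of the Shell Link (.LNK) format, so a scanner can read that string and flag files whose arguments begin with a long run of whitespace or contain control whitespace (tabs, carriage returns, line feeds) that a properties dialog would not render. The following is an added example written for this page, not code from ZDI, Trend Micro or The Register; it assumes the public MS-SHLLINK layout (76-byte header, LinkFlags at offset 0x14, optional LinkTargetIDList and LinkInfo blocks, then length-prefixed string data), and the 32-character padding threshold and the sample shortcut it builds are constructed for illustration.

```python
import struct

# LinkFlags bits from the MS-SHLLINK header (offset 0x14).
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
PADDING_CHARS = " \t\r\n\x0b\x0c"          # whitespace that a dialog renders as "nothing"
CONTROL_WS = "\t\r\n\x0b\x0c"              # whitespace that should never appear in honest arguments


def _read_string_data(data, offset, unicode):
    """Read one StringData entry: uint16 character count followed by the characters."""
    count = struct.unpack_from("<H", data, offset)[0]
    offset += 2
    if unicode:
        text = data[offset:offset + 2 * count].decode("utf-16-le")
        offset += 2 * count
    else:
        text = data[offset:offset + count].decode("latin-1")
        offset += count
    return text, offset


def parse_lnk_strings(data):
    """Return the StringData fields (name, relative_path, working_dir, arguments, icon_location)."""
    if (len(data) < HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LINK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    offset = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip the IDList (uint16 size + items)
        offset += 2 + struct.unpack_from("<H", data, offset)[0]
    if flags & HAS_LINK_INFO:                    # skip LinkInfo (uint32 size includes itself)
        offset += struct.unpack_from("<I", data, offset)[0]
    unicode = bool(flags & IS_UNICODE)
    strings = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if flags & flag:
            strings[name], offset = _read_string_data(data, offset, unicode)
    return strings


def analyze_arguments(args, max_padding=32):
    """Flag arguments hidden behind leading whitespace or containing control whitespace."""
    leading = len(args) - len(args.lstrip(PADDING_CHARS))
    control = sorted({c for c in args if c in CONTROL_WS})
    return {
        "leading_padding": leading,
        "control_whitespace": control,
        "visible_command": args.strip(PADDING_CHARS),   # what actually runs, padding removed
        "suspicious": leading > max_padding or bool(control),
    }


def build_sample_lnk(arguments, relative_path="notes.txt"):
    """Constructed test fixture: a minimal Unicode .LNK carrying a relative path and arguments."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | HAS_ARGUMENTS
    header = struct.pack("<I16sIIQQQIiIH2s4s4s", HEADER_SIZE, LINK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, b"\0\0", b"\0" * 4, b"\0" * 4)
    body = b""
    for s in (relative_path, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


def scan_lnk_bytes(data):
    """Parse a .LNK blob and return the padding report for its arguments (None if it has none)."""
    strings = parse_lnk_strings(data)
    if "arguments" not in strings:
        return None
    return analyze_arguments(strings["arguments"])


if __name__ == "__main__":
    # Constructed sample: 900 spaces in front of a harmless echo, as the padding trick would do.
    padded = build_sample_lnk(" " * 900 + "/c echo constructed-sample")
    print(scan_lnk_bytes(padded))
    print(scan_lnk_bytes(build_sample_lnk("/c echo hello")))
```

To use it on real files, read each .LNK as bytes and pass the blob to scan_lnk_bytes; the visible_command field shows what the shortcut will actually run once the padding is stripped, which is the value worth logging in an alert.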

Microsoft’s Response: “Not a Security Issue”

Trend Micro reported the issue to Microsoft in September of last year, estimating that the exploit has been in use since 2017. Despite the discovery of nearly 1,000 compromised .LNK files, Microsoft considers it a UI issue rather than a security vulnerability.

“We told Microsoft but they consider it a UI issue, not a security issue,” Dustin Childs from ZDI explained. “So it doesn’t meet their bar for servicing as a security update.”

Espionage and Information Theft

Analysis of the malicious .LNK files revealed that state-sponsored attackers were responsible for approximately 70% of the attacks, primarily targeting espionage and information theft. North Korea accounted for 46% of state-sponsored attacks, with Russia, Iran, and China each contributing around 18%.

The primary targets include government entities, followed by the private sector, financial institutions, think tanks, and telecommunications companies.

Why No Patch?

Trend Micro decided to disclose the vulnerability publicly after Microsoft refused to address it as a security risk. Trend Micro argues that executing malicious code via a .LNK file constitutes a security issue, especially when combined with privilege escalation exploits.

“We consider that a security thing. Again, not a critical security thing, but certainly worth addressing through a security update,” Childs stated.

Microsoft, however, maintains its position, stating that the issue does not meet its criteria for immediate servicing but will be considered for a future feature release. A spokesperson advised users to exercise caution when downloading files from unknown sources.

Source: The Register