
Microsoft Quietly Patches Critical Windows LNK File Vulnerability (CVE-2025-9491) Exploited by Multiple APT Groups
Windows LNK files, or shortcut files, are integral to the Windows operating system, allowing users to quickly access applications, files, or directories. These files contain metadata, including the target path, icons, and other attributes. However, they can also be manipulated to execute commands when accessed, making them a potential vector for malicious activity.

The vulnerability CVE-2025-9491 exploited this functionality, enabling attackers to embed malicious commands within LNK files that would be executed remotely without requiring any user interaction. This capability is particularly alarming because it bypasses common security measures that rely on user action, such as clicking on a link or opening a file.

The vulnerability was actively exploited by at least 11 advanced persistent threat (APT) groups, including state-sponsored actors from North Korea and the cybercriminal organization Evil Corp. Its exploitation by multiple threat actors highlights its attractiveness for targeted attacks, espionage, and other malicious activities.

Microsoft addressed the vulnerability with a patch deployed quietly in the summer of 2025, without an initial public announcement. The lack of detailed technical information about the exploitation mechanism makes it harder for security researchers and defenders to understand and mitigate similar threats in the future.

Organizations are strongly advised to ensure that all systems are updated with the latest security patches from Microsoft. Furthermore, security teams should enhance monitoring for any unusual activity associated with LNK files and deploy advanced detection mechanisms to identify and respond to potential exploits promptly. This incident underscores the critical importance of timely patch management and the need for continuous vigilance against evolving cyber threats, particularly those involving common file types and seemingly benign system components.
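The article recommends monitoring LNK files for unusual content without saying how such a check looks. The script below is an added example, not Microsoft's code and not tied to the undisclosed CVE-2025-9491 mechanism: it parses the Shell Link binary format (header, then the optional LinkTargetIDList and LinkInfo blocks, then the StringData fields that hold the relative path, working directory and command-line arguments) and applies three triage heuristics a defender might use, which are assumptions rather than published indicators: the target or arguments name a command or script interpreter, the arguments are longer than MAX_PATH, or the arguments contain a long whitespace run that would push content out of the visible Properties dialog. The sample shortcuts are constructed in memory so the example runs offline.

```python
"""Minimal parser for the Windows Shell Link (.LNK) format (MS-SHLLINK) with
defensive triage heuristics. Added example; the heuristics are assumptions
and the sample shortcuts are constructed here, not captured from the wild."""
import re
import struct

HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 as stored on disk
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits that control which optional structures follow the header
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order, each only if its flag is set
STRING_FIELDS = [
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
]

INTERPRETER_RE = re.compile(
    r"\b(cmd|powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32)(\.exe)?\b", re.I)


def parse_lnk(data: bytes) -> dict:
    """Parse the header and StringData section of a .LNK file into a dict."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a shell link header")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    offset = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # 2-byte IDListSize, then that many bytes
        (idlist_size,) = struct.unpack_from("<H", data, offset)
        offset += 2 + idlist_size
    if flags & HAS_LINK_INFO:  # 4-byte LinkInfoSize that includes itself
        (linkinfo_size,) = struct.unpack_from("<I", data, offset)
        offset += linkinfo_size
    fields = {"flags": flags}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        (count,) = struct.unpack_from("<H", data, offset)  # CountCharacters
        offset += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[offset:offset + count * width]
        offset += count * width
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return fields


def triage_lnk(fields: dict) -> list:
    """Return a list of (code, detail) findings; an empty list means nothing unusual."""
    findings = []
    args = fields.get("arguments", "")
    target = fields.get("relative_path", "") + " " + fields.get("icon_location", "")
    if INTERPRETER_RE.search(target) or INTERPRETER_RE.search(args):
        findings.append(("interpreter", "target or arguments reference a command/script interpreter"))
    if len(args) > 260:  # MAX_PATH; longer argument strings are rare in ordinary shortcuts
        findings.append(("long_arguments", f"arguments are {len(args)} characters"))
    longest_ws = max((len(m.group(0)) for m in re.finditer(r"\s+", args)), default=0)
    if longest_ws > 32:  # padding that hides the tail of the arguments in the UI
        findings.append(("whitespace_padding", f"whitespace run of {longest_ws} characters"))
    return findings


def build_lnk(relative_path: str, working_dir: str, arguments: str) -> bytes:
    """Construct a minimal Unicode .LNK (header + three StringData fields) for testing."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0x20,      # FileAttributes: FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0,   # Creation/Access/Write time left zero
                         0, 0, 1,   # FileSize, IconIndex, ShowCommand = SW_SHOWNORMAL
                         0, 0, 0, 0)  # HotKey, Reserved1, Reserved2, Reserved3
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, working_dir, arguments))
    return header + body


# Constructed samples: one ordinary shortcut, one with a padded interpreter command line
BENIGN_LNK = build_lnk(r"..\..\Program Files\Example\example.exe", r"C:\Program Files\Example", "")
PADDED_LNK = build_lnk(r"..\..\Windows\System32\cmd.exe", r"C:\Windows\System32",
                       "/c " + " " * 200 + "echo padded-arguments-demo")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("padded", PADDED_LNK)):
        print(label, triage_lnk(parse_lnk(blob)))
```

Run against a directory of collected shortcuts (for example from Startup folders or attachments extracted by a mail gateway), the parser recovers the fields an analyst would otherwise read from the Properties dialog, and the heuristics give a first-pass ranking; they are a starting point to tune on your own baseline of legitimate shortcuts, not a verdict.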