Unpatched Windows Security Flaw Exploited by State-Sponsored Groups Since 2017

An unpatched security flaw affecting Microsoft Windows has been exploited by 11 state-sponsored groups since 2017. These groups, originating from China, Iran, North Korea, and Russia, have used this vulnerability for data theft campaigns, espionage, and financial motives. The vulnerability, listed by Trend Micro's Zero Day Initiative (ZDI) under the name ZDI-CAN-25373, allows malicious actors to execute hidden actions.