
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 829 of 2,445   
   Mike Powell to All   
   Unpatched Windows flaw ha   
   20 Mar 25 09:07:00   
   
   TZUTC: -0500   
   MSGID: 545.consprcy@1:2320/105 2c415d31   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   An unpatched Windows zero-day flaw has been exploited by 11 nation-state   
   attackers   
      
   Date:   
   Wed, 19 Mar 2025 14:02:00 +0000   
      
   Description:   
   North Korea, Russia, China, and others are abusing an ancient flaw in .LNK   
   files to attack Windows.   
      
   FULL STORY   
   ======================================================================   
    - Trend Micro warns of an old Windows zero-day still in use today   
    - Many nation-states are abusing the bug to run espionage campaigns   
    - Microsoft doesn't deem it critical   
      
   A Windows zero-day vulnerability which has remained unpatched for eight years   
   has been exploited by 11 nation-state attackers, and countless financially   
   motivated groups, experts have warned.    
      
   Trend Micro's Zero Day Initiative (ZDI) criticized Microsoft for downplaying
   the importance of the findings into the vulnerability, tracked as   
   ZDI-CAN-25373, which is a flaw in Windows that allows attackers to craft   
   malicious shortcut (.lnk) files, enabling the execution of hidden commands   
   when a user interacts with these files.    
      
   This exploit can be abused by embedding harmful code within the .lnk file,   
   which the victim then unknowingly runs when opening the shortcut. The   
   vulnerability was used in data theft attacks, espionage, and malware   
   distribution.   
      
   The researchers said the bug has been in use since 2017, and that they found   
   some 1,000 weaponized .LNK files recently. The total number, obviously, is   
   much bigger.    
      
   After sifting through the files, ZDI said the majority came from nation-state   
   actors (70%), and were used in espionage or data theft. Of that number,    
   almost half (46%) were built by North Korean actors, followed by Russia,    
   Iran, and China, with roughly 18% each. The rest fell to financially    
   motivated groups.    
      
   That being said, most victims are government agencies, followed by firms in   
   the private sector, financial organizations, think tanks, and   
   telecommunications firms.    
      
   The researchers also slammed Microsoft for allegedly downplaying the issue:   
   "We told Microsoft but they consider it a UI issue, not a security issue. So   
   it doesn't meet their bar for servicing as a security update, but it might be   
   fixed in a later OS version, or something along those lines," Dustin Childs,
   head of threat awareness at the Zero Day Initiative, told The Register.
      
   "We consider that a security thing. Again, not a critical security thing, but   
   certainly worth addressing through a security update," Childs opined.    
      
   Microsoft seems to agree, at least about the not critical part. A    
   spokesperson told The Register: "While the UI experience described in the
   report does not meet the bar for immediate servicing under our severity   
   classification guidelines, we will consider addressing it in a future feature   
   release."   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/an-unpatched-windows-zero-day-threat-has-been-exploited-by-11-nation-state-attackers
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca