Security researcher Wietze Beukema has disclosed four weaknesses in Windows LNK shortcut files that can be exploited by attackers to deploy malicious payloads. These techniques manipulate LNK files to hide malicious targets from users inspecting file properties, allowing for deceptive execution of different programs than what appears to be targeted, as reported by Bleeping Computer.The attack methods exploit inconsistencies in how Windows Explorer prioritizes conflicting target paths within LNK files. Attackers can use forbidden characters or manipulate data structures like EnvironmentVariableDataBlock to display a benign target, such as "invoice.pdf," in file properties while executing malicious code like PowerShell. Beukema has released an open-source tool, "lnk-it-up," to help test and identify these malicious LNK files. Microsoft, however, has declined to classify these as vulnerabilities, stating that exploitation requires user interaction and does not breach security boundaries. Despite this, Microsoft Defender and Smart App Control offer some protection, and the company advises users to heed security warnings and avoid opening files from unknown sources.While Microsoft does not consider these specific findings to be vulnerabilities, the underlying techniques are similar to CVE-2025-9491, a flaw that has been actively exploited by multiple state-sponsored groups and cybercrime gangs for years, Beukema says. Source: Bleeping Computer
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




