The Register: Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying

Source URL: https://www.theregister.com/2025/03/18/microsoft_trend_flaw/
Source: The Register

Feedly Summary: ‘Only’ a local access bug but important part of N Korea, Russia, and China attack picture
An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there’s no sign of a fix from Microsoft, which apparently considers this a low priority.…

Summary: The text discusses a long-standing vulnerability in Microsoft’s Windows operating system, exploited through malicious .LNK shortcut files, which has facilitated espionage campaigns chiefly associated with North Korean state-sponsored attackers. Although Trend Micro disclosed the issue, Microsoft has deemed it a low-priority UI concern and has not patched it as a security vulnerability, which has significant implications for information security and compliance in software development.

Detailed Description:

– The exploitation method relies on malicious .LNK files that can download malware while misleading users into believing they are clicking on legitimate files.
– This exploit has been in use since 2017 and has been predominantly associated with state-sponsored attackers, particularly from North Korea.
– While Trend Micro found nearly 1,000 tampered .LNK files, the actual number of attacks is difficult to determine, potentially indicating a much larger issue.
– Key statistics from the report include:
  – 70% of identified attacks are linked to espionage efforts.
  – 20% focus on financial gain.
  – Among state-sponsored attackers, 46% are attributed to North Korea, with Russia, Iran, and China each accounting for roughly 18% of activity.
– The incident underscores significant concerns regarding software security, especially when a critical vulnerability remains unaddressed by a major software provider.
– Trend Micro reported the vulnerability to Microsoft in September but was told it did not meet Microsoft’s security update criteria, which raises questions about the prioritization of user security versus UI concerns.
– The potential risks are compounded if such exploits are paired with other privilege escalation vulnerabilities, enabling broader system access.
– Microsoft acknowledged the issue but characterized it as a UI concern, suggesting that any fix might require broader changes than a simple security patch.
– This scenario reflects a damaging gap in corporate cybersecurity protocols and compliance with established security practices and regulations.

This incident serves as a critical reminder for security professionals to maintain vigilance regarding software vulnerabilities, advocate for robust security measures within organizations, and address potential compliance concerns related to software development practices.