Techly NewsGet the app

Get the latest tech news

Microsoft Isn't Fixing 8-Year-Old Shortcut Exploit Abused For Spying


Trend Micro uncovered an eight-year-long spying campaign exploiting a Windows vulnerability involving malicious .LNK shortcut files, which attackers padded with whitespace to conceal commands. Despite being reported to Microsoft in 2023, the company considers it a UI issue rather than a security ris...

Trend Micro uncovered an eight-year-long spying campaign exploiting a Windows vulnerability involving malicious .LNK shortcut files, which attackers padded with whitespace to conceal commands. While appearing to point to legitimate files or executables, these shortcuts quietly include extra instructions to fetch or unpack and attempt to run malicious payloads. But Trend's Zero Day Initiative said it observed North Korea-backed crews padding out the command-line arguments with megabytes of whitespace, burying the actual commands deep out of sight in the user interface.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of Microsoft

Microsoft

Photo of Year

Year

Photo of old shortcut exploit

old shortcut exploit

Related news:

News photo

US Music Streaming Tops 100 Million Subscribers; Vinyl Outsells CDs For Third Year

News photo

It's about damn time Microsoft made an Xbox gaming handheld

News photo

Microsoft's Xbox Adaptive Joystick is now available

« Social Security Admin to require in-person ID checks for new&existing recipients
Nvidia's Vera Rubin CPU, GPU roadmap charts course for hot-hot-hot 600 kW racks »