Microsoft Mitigates Windows LNK Vulnerability Exploited in Zero-Day Attacks

Microsoft Mitigates Windows LNK Vulnerability Exploited in Zero-Day Attacks

First seen 3 Dec 2025, 17:41 UTC MaketecheasierWebpronewsBleepingcomputer 78% similarity 48.0

Article Content

Browse articles
ThreatCluster

Microsoft has mitigated a high-severity Windows LNK vulnerability, tracked as CVE-2025-9491, which has been exploited by state-backed and cybercrime groups in zero-day attacks. This flaw allows attackers to hide malicious commands within LNK files, requiring user interaction to execute the attacks. Despite the mitigation, the vulnerability remains unpatched, posing ongoing risks to users.

ThreatCluster AI

Community

Browse all →