For eight years, hackers have been taking advantage of a flaw in the Windows operating system, and Microsoft has no intention of fixing it
Microsoft is working very hard to give Windows a number of security features, such as Windows Defender, which is a great free option.
However, a flaw in.lnk shortcuts that hackers are using to initiate malware downloads was found by security firm Trend Micro last year.
It is interesting to note that the vulnerability was reported to Microsoft for fixing as soon as the research team found it. After several months, nothing has changed.
It is interesting to note that this security flaw has been used since at least 2017, and almost 1,000 of these phony links have already been discovered.
Megabytes of white space are used in these links, according to the authors, to trick antivirus software. In addition to China, Russia, and Iran, North Korea is the primary source of attacks.
The attacks were directed at research facilities, telecommunications firms, governments, and the private and financial sectors. Trend Micro eventually disclosed the vulnerability to raise awareness of it after Microsoft declined to address the problem. The confidentiality, availability, and integrity of data held by governments, critical infrastructure, and private organizations worldwide are all at serious risk, they say.
Since Microsoft has labeled this problem as "low severity," it is unlikely that they will address it. When downloading files from unknown sources, "users should be careful," a Microsoft representative told The Register.
The issue with this vulnerability is that these files are specially constructed, so when the user parses the shortcut (.lnk), nothing will be visible.
These threats may already be recognized by some security software, but not by others.