Microsoft has issued an urgent cybersecurity warning over a long-standing vulnerability, identified as ZDI-CAN-25373, targeting Windows users via .LNK shortcut files. Cybercriminals are exploiting this flaw by embedding network paths into shortcuts that trigger malicious actions without the user's awareness. This vulnerability impacts systems across VLANs and exploits a loophole in how Windows File Explorer processes file parameters.
Despite being known for years, the flaw has not been assigned a CVE. Microsoft’s Defender and Smart App Control offer partial protection, but users are urged to avoid suspicious .LNK files, keep their antivirus software updated, and heed all system warnings.
While Microsoft does not classify the flaw as requiring immediate patching, experts stress that user awareness and caution remain the most effective defenses against this ongoing threat.
Read more: link
Get in touch
