Microsoft’s Windows operating system is an extremely complex piece of software that has evolved over the years. Although it tries to make using a PC as easy as possible, it’s a very advanced operating system internally.
We’re telling you all this because it’s no surprise that certain bugs affecting different parts of Windows are detected from time to time. This has been happening for years and across versions of the system, and it’s likely to continue in the future.
We’re mentioning these potential flaws in Microsoft’s system because it’s now been discovered that Windows has a security issue that’s been around for eight years. In fact, the software developer itself has been exploiting and knowing about it for some time. It’s true that Microsoft is doing important work on Windows security, especially considering that it’s an operating system with hundreds of millions of users.
But it’s also true that maintaining the security of all those millions of devices is no easy task, even for a company the size of Microsoft. Sometimes, however, it seems that certain company employees don’t respond as they should to certain vulnerabilities that are detected, as is the case here.
Here we’re referring to a vulnerability in .lnk shortcuts that is exploited to trigger malware downloads. The interesting thing is that Trend Micro discovered this security flaw in 2024 and reported it to Microsoft in September of that same year.
Microsoft does nothing about this security flaw in Windows
The problem is that, as the company’s experts reported, it has been exploited since at least 2017. In fact, nearly 1,000 of these malicious links have been found at this time. As the security company itself reported, these links contain several megabytes of blank characters to fool antivirus and other protection solutions.
Thus, the attackers successfully download and install various malware payloads on exploited Windows systems. The worst part is that, to date, despite having been aware of this for some time, Microsoft has taken no action. In fact, Trend Micro claims it has decided to make the information public due to Microsoft’s inaction.
According to experts, the threat in question poses a significant risk to affected computers, both for end users and businesses, worldwide. However, Windows developers have classified the issue as low severity, indicating that it may not be patched in the immediate future. All the company has done in this regard is warn its users to be cautious when downloading files from unknown sources or untrustworthy websites.
Therefore, it’s essential that we monitor our computer’s security. This includes using a good antivirus (not Microsoft’s) and practicing essential security practices, such as having TPM and encryption on our PC, not downloading files from suspicious websites, avoiding following links on social media, and always keeping our browser and all other programs on our PC up to date.
