Microsoft Finally Patches the Windows Shortcut Bug Hackers Loved

Microsoft finally plugged a security hole that hackers have used to break into computers for nearly a decade. On November 12, the tech giant released its monthly update, which included a fix for a sneaky trick involving Windows shortcut files. Attackers have actively exploited this flaw to infect systems, but Microsoft resisted fixing it until now.

This vulnerability involves those little arrow icons on your desktop, known as .LNK files or shortcuts. Smart users often check suspicious files by right-clicking them and selecting “Properties” to see where the shortcut leads. However, this bug broke that safety check. It allowed attackers to create “weaponized” shortcuts that hid their true target. You could look at the file properties, see a totally normal path, and think the file was safe. In reality, the shortcut contained invisible commands that would install malware or steal data the moment you clicked it.
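Since the Properties dialog could not be relied on to show what a shortcut runs, a defender can read the argument string straight from the file instead. The sketch below is an added example, not code from the article or from Microsoft: it walks the documented shell link (MS-SHLLINK) layout, and the `MAX_VISIBLE` threshold, the "mostly non-visible characters" heuristic and the `fixture` helper are assumptions made for illustration.

```python
import struct

# Assumption (not from the article): argument strings longer than this get flagged.
MAX_VISIBLE = 260
# LinkFlags bits from the shell link header (MS-SHLLINK).
FLAGS = {"idlist": 0x01, "linkinfo": 0x02, "name": 0x04, "relpath": 0x08,
         "workdir": 0x10, "args": 0x20, "unicode": 0x80}
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

def lnk_arguments(data: bytes) -> str:
    """Return the complete command-line argument string stored in a .LNK file."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                   # fixed-size header ends here
    try:
        if flags & FLAGS["idlist"]:            # skip the target ID list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & FLAGS["linkinfo"]:          # skip LinkInfo (size includes itself)
            pos += struct.unpack_from("<I", data, pos)[0]
        width = 2 if flags & FLAGS["unicode"] else 1
        for field in ("name", "relpath", "workdir", "args"):
            if not flags & FLAGS[field]:
                continue
            size = struct.unpack_from("<H", data, pos)[0] * width
            raw = data[pos + 2:pos + 2 + size]
            if len(raw) != size:
                raise ValueError("truncated string data")
            if field == "args":
                return raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += 2 + size
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc
    return ""

def triage(data: bytes) -> dict:
    """Summarise the argument string, including characters that render as blank."""
    args = lnk_arguments(data)
    blank = sum(1 for ch in args if ch.isspace() or not ch.isprintable())
    flagged = len(args) > MAX_VISIBLE or blank > len(args) // 2
    return {"length": len(args), "non_visible": blank, "suspicious": flagged}

def fixture(args: str) -> bytes:
    """Constructed input: bare header plus arguments, not a working shortcut."""
    header = struct.pack("<I16sI", 0x4C, LINK_CLSID, FLAGS["args"] | FLAGS["unicode"])
    return header.ljust(76, b"\0") + struct.pack("<H", len(args)) + args.encode("utf-16-le")

if __name__ == "__main__":
    for sample in ("--profile default", "--verbose " * 40):   # constructed strings
        print(triage(fixture(sample)))
```

A flagged result is a prompt for manual review of the full argument string, not a verdict on the file.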

Cybercriminals began flocking to .LNK files years ago after Microsoft cracked down on macros in Word and Excel. Once macros became harder to abuse, hackers needed a new way in. Security researchers at Trend Micro found that at least 11 different state-sponsored hacking groups—including teams from China, Russia, Iran, and North Korea—actively used this specific flaw. They used it for espionage and fraud, with some attacks dating back to 2017.

The most frustrating part of this story is that Microsoft knew about the issue but initially refused to fix it. The company previously told researchers it wasn’t a major threat because programs like Outlook and Word block shortcut files by default. They felt that standard warning labels were enough protection. However, with so many government-backed spies actively exploiting the glitch to bypass security, Microsoft finally realized it couldn’t ignore it. They assigned the bug, now tracked as CVE-2025-9491, a high severity rating and pushed out a fix to protect Windows users worldwide.
