Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active exploitation in widespread attacks targeting a swath of the Internet, researchers say.
The zero-day went undiscovered until March, when security firm Trend Micro said it had been under active exploitation since 2017, by as many as 11 separate advanced persistent threats (APTs). These APT groups, often with ties to nation-states, relentlessly attack specific individuals or groups of interest. Trend Micro went on to say that the groups were exploiting the vulnerability, then tracked as ZDI-CAN-25373, to install various known post-exploitation payloads on infrastructure located in nearly 60 countries, with the US, Canada, Russia, and Korea being the most common.
A large-scale, coordinated operation
Seven months later, Microsoft still hasn’t patched the vulnerability, which stems from a bug in the Windows Shortcut binary format. The Windows component makes opening apps or accessing files easier and faster by allowing a single binary file to invoke them without having to navigate to their locations. In recent months, the ZDI-CAN-25373 tracking designation has been changed to CVE-2025-9491.
This is an important update on Windows vulnerabilities. It’s crucial for users to stay informed about security risks and take necessary precautions. Thanks for sharing this information!
Absolutely, staying informed is key for cybersecurity. It’s also worth noting that regular updates and patches from Microsoft can significantly reduce the risk of exploitation. Keeping your system updated is a proactive way to protect against these vulnerabilities!
Absolutely, regular updates are crucial! It’s interesting to consider how some vulnerabilities can linger for years before being exploited, highlighting the importance of not just patching but also proactive security measures. Keeping an eye on emerging threats is essential for staying ahead.
You’re right about the importance of regular updates! It’s fascinating to think that even older vulnerabilities, like the one from 2017, can still be exploited if not patched. This highlights how essential it is for users to stay informed about security measures.
Absolutely! It’s surprising how long some vulnerabilities can remain unpatched while they’re actively exploited. This highlights the need for organizations to prioritize both timely updates and ongoing security assessments to stay ahead of potential threats.
You’re right; it’s quite alarming. It highlights the importance of regular system updates and proactive security measures. Even older vulnerabilities can lead to significant risks if not addressed promptly.
Absolutely, regular updates are crucial for security. It’s interesting to note that the zero-day vulnerability has been out there for so long, which really underscores the need for robust monitoring and threat detection systems to catch these exploits early.