Windows has an 8-year-old security issue that is exploited and known by Microsoft for some time
Microsoft is doing a commendable job when it comes to Windows security. Keeping billions of devices secure is no small feat. Sometimes, however, it appears that someone at Microsoft is hitting the brakes on specific vulnerabilities.
Take the following attack method as an example. It is a vulnerability in .lnk shortcuts that is exploited to trigger malware downloads. It was discovered by Trend Micro in 2024 and reported to Microsoft in September 2024.
Security engineers at Trend Micro say that the issue has been exploited since at least 2017 and that they have already found almost 1,000 of these links in the wild.
According to Trend Micro, these links contain megabytes of whitespace characters to fool antivirus and other security solutions. Attacks come from four countries only -- North Korea, China, Russia, and Iran -- according to the researchers. Trend Micro revealed that the vast majority of attacks come from state-sponsored attack crews and fall in the information theft and espionage category. Governments were targeted the most, followed by the private and financial sector, think tanks, and telecommunications.
The attackers download and install different malware payloads on successfully exploited systems. Among them are notorious payloads and loaders such as Lumma Stealer or GuLoader.
Microsoft has not acted on the provided information. Trend Micro says that it decided to go public with the information because of Microsoft's inactivity. The threat poses a significant risk "to the confidentiality, integrity, and availability of data maintained by governments, critical infrastructure, and private organizations globally" according to the researchers.
Microsoft classified the issue as low severity according to Trend Micro, indicating that the issue may not be patched in the "immediate future".
In a comment to The Register, a Microsoft spokesperson encouraged customers to "exercise caution when downloading files from unknown sources".
Shortcut files can be analyzed on local Windows systems. The problem with the disclosed vulnerability is that the link files are specially crafted, which means that the user won't see the exploit when analyzing the shortcut, according to Trend Micro.
Some security solutions may recognize these malicious shortcuts already, others may do so in the near future.
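Defenders can measure the whitespace padding directly in the file instead of relying on what the shortcut's properties show. The Python example below is added here and is not code from Trend Micro or Microsoft: it walks the public MS-SHLLINK layout to the arguments string and reports its longest whitespace run. It assumes the padding sits in the command-line arguments field (the article does not say which field), uses an arbitrary 256-character threshold, and `build_sample` produces a constructed test shortcut.

```python
import struct

# LinkFlags bits and class ID from the public MS-SHLLINK specification
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS, IS_UNICODE = 0x08, 0x10, 0x20, 0x80
CLSID = bytes.fromhex("0114020000000000c000000000000046")
WHITESPACE = set(" \t\n\v\f\r")

def lnk_arguments(data: bytes):
    """Return the COMMAND_LINE_ARGUMENTS string of a .lnk, or None."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != CLSID:
        raise ValueError("not a shell link header")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                   # fixed header size
    if flags & HAS_ID_LIST:                    # 2-byte size + ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                  # 4-byte size includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    # cp1252 for non-Unicode strings is an assumption (real code page varies)
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # length in characters
        raw = data[pos + 2 : pos + 2 + count * width]
        pos += 2 + count * width
        if bit == HAS_ARGS:
            return raw.decode(codec, errors="replace")
    return None

def padding_report(data: bytes, threshold: int = 256):
    """Flag arguments whose longest whitespace run reaches the threshold."""
    args = lnk_arguments(data) or ""
    longest = run = 0
    for ch in args:
        run = run + 1 if ch in WHITESPACE else 0
        longest = max(longest, run)
    return {"length": len(args), "longest_ws_run": longest,
            "suspicious": longest >= threshold,
            "visible": " ".join(args.split())}   # arguments with padding collapsed

def build_sample(args: str) -> bytes:
    """Constructed minimal .lnk: header plus a Unicode arguments string."""
    header = struct.pack("<I16sI", 0x4C, CLSID, HAS_ARGS | IS_UNICODE)
    header += bytes(76 - len(header))
    return header + struct.pack("<H", len(args)) + args.encode("utf-16-le")
```

To triage a real file, pass its bytes to `padding_report` and review the `visible` field, which shows the full arguments with the padding collapsed.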
Now You: what is your take on this? Should Microsoft develop a fix and release it? Feel free to leave a comment down below.