Security researchers at Trend Micro have discovered a weakness in Windows that has been actively exploited for over eight years. So far, however, there are no signs that Microsoft wants to fix the flaw. It is classified as low risk.
Clear zero-day gap
The attack method is technically simple but effective: manipulated .LNK shortcut files contain hidden commands that download and execute malware when the file is opened. Such commands are usually easy to recognize in Windows. But the hacker groups observed by Trend Micro use a technique in which they pad the command-line arguments with a large number of spaces.
This makes the harmful instructions invisible in the user interface. Trend Micro reported the security vulnerability to Microsoft in September last year. According to the experts, it has been actively exploited since 2017. The security researchers found almost a thousand manipulated .lnk files, but assume that the actual number of attacks is significantly higher.
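Because the padding only hides the arguments in the user interface, a defender can read them directly from the file. The following Python sketch is an added example, not code from Trend Micro or Microsoft: it follows the published Shell Link (MS-SHLLINK) layout, treats any whitespace run (not only spaces) as padding, and its function names, the 50-character threshold and the sample bytes are assumptions constructed for illustration.

```python
import re
import struct

# LinkFlags bits from the Shell Link (.LNK) binary format, MS-SHLLINK
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_REL_PATH, HAS_WORKING_DIR, HAS_ARGS, IS_UNICODE = 0x08, 0x10, 0x20, 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
PAD_THRESHOLD = 50  # assumed cut-off; tune against your own benign shortcuts


def lnk_arguments(data: bytes) -> str:
    """Return the COMMAND_LINE_ARGUMENTS string of a .LNK file ('' if none)."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                    # end of ShellLinkHeader
    if flags & HAS_ID_LIST:                     # IDListSize excludes its own 2 bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                   # LinkInfoSize includes its own 4 bytes
        pos += struct.unpack_from("<I", data, pos)[0]
    # ANSI strings use the system code page; cp1252 is assumed here
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORKING_DIR, HAS_ARGS):
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # length in characters
        raw = data[pos + 2 : pos + 2 + count * width]
        if len(raw) != count * width:
            raise ValueError("truncated StringData")
        if bit == HAS_ARGS:
            return raw.decode(codec, errors="replace")
        pos += 2 + count * width
    return ""


def check_padding(data: bytes) -> dict:
    """Flag arguments whose longest whitespace run reaches PAD_THRESHOLD."""
    args = lnk_arguments(data)
    longest = max((len(m) for m in re.findall(r"\s+", args)), default=0)
    return {"suspicious": longest >= PAD_THRESHOLD, "longest_run": longest,
            "visible_text": " ".join(args.split())}


def build_sample(args: str) -> bytes:
    """Constructed test fixture: bare header plus one Unicode arguments string."""
    header = struct.pack("<I16sI", 76, LNK_CLSID, HAS_ARGS | IS_UNICODE).ljust(76, b"\0")
    return header + struct.pack("<H", len(args)) + args.encode("utf-16-le")
```

`check_padding` takes the raw bytes of a shortcut, for example `open(path, "rb").read()`, and returns the arguments with the whitespace collapsed, so an analyst sees the text that the padding pushed out of view.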
“This is one of many security gaps that are used by attackers. But since it has not yet been closed, we have reported it as a zero-day vulnerability,” Dustin Childs from the Zero Day Initiative told the British magazine The Register. Microsoft, on the other hand, rates the matter as a pure user interface problem and not as a real security risk. It may therefore be remedied only in a later Windows version. According to Trend Micro, around 70 percent of the attacks using manipulated .LNK files come from state-supported hacker groups, which mainly engage in espionage and data theft.
North Korea is particularly active and is said to be responsible for 46 percent of the attacks discovered. Russia, Iran and China each account for around 18 percent of the activity. The main targets include government agencies, companies, financial institutions, think tanks and telecommunications companies. The military and the energy sector are also in focus.
Patch is supposed to come
Trend Micro decided to make the weakness public after Microsoft refused to treat it as a security problem. Combining it with other Windows vulnerabilities that allow privilege escalation is particularly dangerous. In that case, an entire system could be compromised with comparatively simple means.
In a statement, Microsoft emphasized that the gap did not meet the criteria for immediate correction, but promised to consider it for future updates. In addition, the company advises users to exercise caution when downloading files from unknown sources, noting that Windows already shows security warnings to identify potentially harmful files.