
Microsoft’s unpatched vulnerability: Why cyber resilience is more important than ever

Redstor posted in Cloud backup | 21 Mar 2025

One of the biggest shows on Netflix at the moment is Zero Day, about the fallout of a catastrophic cyberattack in the US. A zero-day vulnerability is a security weakness developers have yet to discover, leaving an opening for cybercriminals to infiltrate their systems. Once a zero-day exploit has been identified internally, the idea is to patch it up as quickly as possible to prevent further exposure.

This week, however, a report by Trend Micro revealed an alarming discovery. Not only did the company identify a Windows vulnerability that’s been quietly exploited by state-sponsored hackers from 11 different countries over the past eight years, but Microsoft isn’t planning to do anything about it.

Truth really is stranger than fiction.

How does the Microsoft zero-day exploit work?

See those icons on your Windows desktop – the ones you double-click to open your files or apps? Beneath their seemingly harmless appearance, those little icons are really .lnk files. They’re essentially shortcuts that trigger the program to load.

What hackers have discovered is that they can replace these files with malicious shortcuts. When you open one, it doesn’t just launch the program you expect; it also runs additional commands to steal data or to download and run malware.

Usually, you can see what a shortcut runs by checking its properties. In this case, however, the hackers bury the real command behind a long string of whitespace, so it never appears in the part of the properties dialog the user can see. These files can be delivered through phishing emails, fake downloads, or even hidden on USB drives. If an attacker can combine .lnk infiltration with another flaw, such as a privilege escalation bug, they can gain full control of your machine.
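As an added illustration for defenders (this is not code from the original post or from Redstor), the following Python check reads the arguments string out of a .lnk file using the publicly documented Shell Link binary format and flags shortcuts whose arguments hide content behind a long run of whitespace; the 64-character threshold and the minimal fixture builder are assumptions for the demonstration.

```python
import re
import struct

# LinkFlags bits and header size from the MS-SHLLINK specification.
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, IS_UNICODE = 0x20, 0x80
HEADER_SIZE = 0x4C
PAD_THRESHOLD = 64  # assumption: no legitimate argument string needs this much whitespace

def lnk_arguments(data: bytes) -> str:
    """Return the COMMAND_LINE_ARGUMENTS string of a .lnk blob ('' if absent)."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # skip LinkTargetIDList (IDListSize + IDList)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:            # skip LinkInfo (LinkInfoSize counts itself)
        pos += struct.unpack_from("<I", data, pos)[0]

    def read_string() -> str:            # StringData item: CountCharacters + characters
        nonlocal pos
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        return raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")

    for flag in (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR):  # these precede arguments
        if flags & flag:
            read_string()
    return read_string() if flags & HAS_ARGUMENTS else ""

def scan_lnk(data: bytes, threshold: int = PAD_THRESHOLD) -> dict:
    """Flag a shortcut whose arguments hide content behind a long whitespace run."""
    args = lnk_arguments(data)
    m = re.search(r"\s{%d,}(\S.*)" % threshold, args, re.S)
    return {"arguments": args, "padded": m is not None, "hidden": m.group(1) if m else ""}

def make_sample_lnk(args: str) -> bytes:
    """Constructed test fixture: header plus one Unicode arguments string (not a real shortcut)."""
    header = struct.pack("<I", HEADER_SIZE) + bytes(16)        # HeaderSize, LinkCLSID (zeroed)
    header += struct.pack("<I", HAS_ARGUMENTS | IS_UNICODE)    # LinkFlags
    header += bytes(HEADER_SIZE - len(header))                 # remaining header fields zeroed
    return header + struct.pack("<H", len(args)) + args.encode("utf-16-le")

if __name__ == "__main__":
    for s in ("/c echo benign", "/c echo benign" + " \t\r\n" * 50 + "& echo hidden-part"):
        print(scan_lnk(make_sample_lnk(s)))
```

On a real system you would feed the same function the bytes of shortcuts arriving by email, download or removable media, and triage anything returned with `padded` set.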

Who’s been targeted?

According to Trend Micro, the vulnerability has been exploited by state-sponsored groups from countries such as North Korea, Iran, Russia, and China. Among the organisations targeted are government departments and companies in the finance, telecommunications, and energy sectors. Geographically, the attacks have been spread across the globe.

Nearly 70% of the incidents Trend Micro identified were primarily for espionage, with over 20% motivated by financial gain. Many threat actors pursue both motives, using one to serve the other.

Why isn’t Microsoft fixing it?

Microsoft sees the vulnerability as a UI issue, not a security problem. The company claims that the flaw “does not meet the bar for immediate servicing under our severity classification guidelines”.

There’s also an underlying suspicion that Microsoft’s reluctance to address the issue may be due to the technical complexity of fixing it. Experts have suggested that rectifying the problem may require a more complex solution than can be achieved in a traditional security update.

How to protect yourself from unpatched threats

Having identified the vulnerability last year and shared its findings with Microsoft, Trend Micro decided to go public to force the company’s hand. With Microsoft still refusing to budge, it’s never been more important to protect your cyber resilience.

Unpatched vulnerabilities increase the risk of a data breach dramatically. Here’s what you should do in response:

  • Immutable backups: Cybercriminals leveraging the .lnk exploit could use malware to corrupt or delete essential files. Immutable cloud backups ensure that even if your system is compromised and ransomware deployed, your data remains untouched and recoverable, preventing attackers from holding it hostage.
  • Threat detection: Automated malware detection scans backups in real time, identifying and isolating infected files before they can reinfect a restored system. This is especially crucial given that traditional antivirus tools may struggle to detect .lnk-based malware hidden behind layers of whitespace.
  • Rapid recovery: If an attack succeeds, businesses need to recover fast. Redstor’s InstantData™ technology enables organisations to access critical files immediately, eliminating the long wait times associated with traditional recovery solutions.

Take control before it’s too late

Businesses can’t afford to wait for fixes that may never arrive. Now that the truth is out in the public domain, cybercriminals globally have been given a blueprint to test out this strategy on their next targets.

Don’t let unpatched vulnerabilities leave you picking up the pieces of your business. Microsoft may let you down, but Redstor’s backup and recovery solutions won’t. We protect the full Microsoft ecosystem – from M365 and Entra ID to Azure VMs and Blob.

Get in touch today to learn more.