Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation Microsoft has silently plugged a security flaw that been exploited by several threat actors since 2017 as part the company's November 2025 Patch Tuesday updates , according to ACROS Security's 0patch . The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which described Shortcut (LNK) file UI misinterpretation could lead remote code execution. "The specific exists within handling .LNK files," description NIST National Vulnerability Database (NVD). "Crafted data an can cause hazardous content be invisible user who inspects via Windows-provided interface. An attacker leverage this execute context current user." In other words, these shortcut files are crafted such viewing their properties conceals malicious commands executed them out u... https://thehackernews.com/2025/12/microsoft-silently-patches-windows-lnk.html