Unpatched Windows Zero-Day Exploited by 11 State-Sponsored Threat Actors

by Justin Erickson

Security researchers have revealed an unpatched zero-day vulnerability in Microsoft Windows that has been actively exploited by at least 11 state-sponsored threat groups since 2017. Tracked as ZDI-CAN-25373, reports indicate that attackers leverage this flaw to execute arbitrary code on vulnerable Windows systems. Hackers are using this mainly for espionage and information theft, but also for financial gain. Microsoft has not yet issued an official patch, and they won’t for a while, as it “does not meet the bar for immediate servicing under [their] severity classification guidelines…” Organizations are advised to watch for suspicious .lnk files, investigate signs of compromise, and implement other immediate security measures.