
"The number of ways that Windows shortcut (.LNK) files can be abused just keeps growing: A cybersecurity researcher has documented four new techniques to trick Windows users into running malicious actions through innocent-looking shortcuts. Wietze Beukema demonstrated how to spoof the visible LNK destination, hide command-line arguments, and execute a different program than the one shown to the user, potentially offering attackers new vectors for phishing, USB-borne attacks, or initial access operations."
"Although Microsoft did not immediately respond to a request for comment on the disclosure, it has previously acknowledged risks in this area through security guidance, including a November 2025 advisory. Until now, Microsoft has always stopped short of classifying Windows' behavior with LNK files as a conventional "vulnerability," but the sheer number of exploits that Beukema has demonstrated makes Microsoft's position that this is just a UI issue harder to defend."
Four new techniques exploit conflicting metadata in .LNK shortcut files to spoof visible destinations, hide command-line arguments, and execute different programs than those displayed in Windows Explorer. The .LNK format allows target paths to be stored in multiple structures — TargetIDList, EnvironmentVariableDataBlock, and LinkInfo — creating opportunities for mismatches that Windows must resolve. The behavior enables attackers to craft shortcuts that perform bait-and-switch actions, facilitating phishing, USB-borne attacks, or initial access. Microsoft has provided security guidance, including a November 2025 advisory, but has not formally labeled the behavior as a conventional vulnerability.
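For triage, the conflicting metadata described above can be surfaced by reading the target out of more than one structure and comparing the results. The following is an added example, not code from the article or from Beukema's research: it reads LinkInfo and EnvironmentVariableDataBlock using the field layout in Microsoft's MS-SHLLINK specification, steps over TargetIDList without decoding it, and the names `lnk_targets`, `target_conflict` and `sample_lnk` are hypothetical.

```python
import struct

ENV_SIG = 0xA0000001  # EnvironmentVariableDataBlock signature (MS-SHLLINK)

def _cstr(buf, off):
    """NUL-terminated ANSI string starting at off."""
    return buf[off:buf.index(b"\0", off)].decode("cp1252", "replace")

def lnk_targets(data):
    """Target paths stored in LinkInfo and in EnvironmentVariableDataBlock."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link header")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, found = 76, {}
    if flags & 0x01:  # HasLinkTargetIDList: stepped over here, not decoded
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x02:  # HasLinkInfo
        size, _, li_flags, _, base_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 0x01:  # VolumeIDAndLocalBasePath
            found["LinkInfo"] = _cstr(data, pos + base_off)
        pos += size
    for bit in (0x04, 0x08, 0x10, 0x20, 0x40):  # StringData entries, in file order
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2 + count * (2 if flags & 0x80 else 1)  # IsUnicode
    while pos + 8 <= len(data):  # ExtraData blocks
        size, sig = struct.unpack_from("<II", data, pos)
        if size < 4:  # TerminalBlock
            break
        if sig == ENV_SIG:  # TargetAnsi (260 bytes), then TargetUnicode (520 bytes)
            uni = data[pos + 268:pos + 788].decode("utf-16-le", "replace")
            found["EnvironmentVariableDataBlock"] = uni.split("\0")[0] or _cstr(data, pos + 8)
        pos += size
    return found

def target_conflict(data):
    """True when the stored targets disagree (case-insensitive string compare)."""
    return len({p.lower() for p in lnk_targets(data).values() if p}) > 1

def sample_lnk(link_path, env_path):
    """Constructed parser fixture (zeroed CLSID, no IDList), not a usable shortcut."""
    header = struct.pack("<I16xI", 0x4C, 0x202).ljust(76, b"\0")  # HasLinkInfo | HasExpString
    base = link_path.encode("cp1252") + b"\0"
    info = struct.pack("<7I", 28 + len(base), 28, 1, 0, 28, 0, 0) + base
    env = struct.pack("<II", 0x314, ENV_SIG) + env_path.encode("cp1252").ljust(260, b"\0")
    env += env_path.encode("utf-16-le").ljust(520, b"\0")
    return header + info + env + bytes(4)  # 4-byte TerminalBlock
```

The comparison is on raw strings, so a legitimate shortcut whose EnvironmentVariableDataBlock holds an unexpanded variable such as `%windir%` will also be flagged; treat a hit as a reason to inspect the file, not as a verdict.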
Read at Computerworld