Microsoft mitigated a severe Windows LNK vulnerability exploited by state and cybercrime groups (CVE-2025-9491), allowing attackers to conceal malicious operations in LNK files, requiring user interaction to execute. Despite initial inaction, Microsoft silently adjusted LNK file visibility in June 2025, while unofficial patches have been offered to limit risks until a thorough fix is provided.
Microsoft “mitigates” Windows LNK Flaw Exploited as Zero-day

