New Windows zero-day exploited by 11 state hacking groups since 2017
Published on: 2025-06-12 13:11:24
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability as a zero-day in data theft and cyber espionage attacks since 2017.
However, as security researchers Peter Girnus and Aliakbar Zahravi with Trend Micro's Zero Day Initiative (ZDI) reported today, Microsoft tagged it as "not meeting the bar servicing" in late September and said it wouldn't release security updates to address it.
"We discovered nearly a thousand Shell Link (.lnk) samples that exploit ZDI-CAN-25373; however, it is probable that the total number of exploitation attempts are much higher," they said. "Subsequently, we submitted a proof-of-concept exploit through Trend ZDI's bug bounty program to Microsoft, who declined to address this vulnerability with a security patch."
A Microsoft spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
While Microsoft has yet to assign a CVE-ID to this vulnerabil