Microsoft Silently Fixes 8-Year Windows Security Flaw

We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details.

Microsoft quietly patched a critical Windows vulnerability that hackers have been exploiting for nearly eight years.

The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through Windows’ standard interface—but the tech giant never officially announced the fix.

For eight years, Windows users unknowingly lived with a security hole that nation-states exploited daily. State-sponsored hacking groups from China, Iran, North Korea, and Russia weaponized this Windows shortcut vulnerability since 2017. Trend Micro’s Zero Day Initiative discovered that 11 different government-backed teams actively exploited the security hole, turning what should have been harmless shortcut files into dangerous attack vectors.

The vulnerability affected how Windows displays .LNK ...