Microsoft reports that the LNK file flaw, known for a decade, is being used by cybercriminals against users; it encourages users to take safeguard measures and update their security tools.

Microsoft informs Windows users that hackers are currently exploiting a dangerous security bug. The discovered vulnerability, ZDI-CAN-25373, points out that due to a weakness in Windows File Explorer, LNK files can contain attacker-defined options without the user being able to notice.

Microsoft has still not given CVE numbers to this old flaw after these many years. According to reports, Kaspersky and Trend Micro found cyber-attacks in 2025 that used this kind of exploit.

Microsoft explained that its Defender tools already can detect and block these malicious LNK files. Microsoft Defender and Smart App Control are created to protect your computer from such attacks, the company has announced. At the same time, it revealed that the flaw does not require a quick patch since it does not meet the required criteria for severity.

People are encouraged by experts to be careful and not open LNK files from suspicious websites, update Microsoft Defender, and pay attention to security alerts from Windows.

In addition, Google urges its users to replace passwords and 2FA with better passkeys that rely on fingerprints or dependable gadgets to log in.

Being cautious with the system is the fundamental safety rule for users while Microsoft assesses the situation for updates.