<ul><li>A security vulnerability in .lnk shortcuts, which triggers malware downloads, has been known by Microsoft since 2017.</li><li>The vulnerability has been exploited since at least 2017, with attacks originating from North Korea, China, Russia, and Iran.</li><li>The majority of attacks are state-sponsored and target governments, critical infrastructure, private organizations, think tanks, and the financial sector.</li><li>Microsoft has classified the issue as low severity and has not taken action to patch it.</li></ul>

Windows has an 8-year-old security issue that is exploited and known by Microsoft for some time

Discover more