In a surprising turn of events, Microsoft has quietly enhanced its Windows security measures, addressing a critical vulnerability that has lingered for nearly eight years. This update comes ahead of the anticipated Patch Tuesday rollout, providing immediate protection for millions of users against a significant hacking threat.
Microsoft Silently Fixes Years-Old Security Issue For Millions Of Windows Users
On March 10, a warning was issued regarding the 10-second phantom goblin infostealer attack, which exploited the Windows .LNK shortcut while masquerading as a legitimate PDF document. Subsequent alerts followed on June 9, August 4, and November 1, all highlighting the now officially recognized CVE-2025-9491 Windows security vulnerability. Despite these warnings, the vulnerability remained unpatched, leading many to believe that Microsoft had no immediate plans for a fix.
Identified previously as ZDI-CAN-25373 and ZDI-25-148 by Trend Micro security researchers, this vulnerability has been a tool for cyber espionage and data theft since 2017, utilized by 11 state-sponsored groups from North Korea, Iran, Russia, and China. Trend Micro’s analysis in March 2025 indicated the severity of the threat, yet Microsoft maintained that their existing defenses were sufficient. A spokesperson emphasized that while the reported user interface issues did not warrant immediate action, they would consider addressing it in future updates.
It appears that the long-awaited moment has finally arrived, albeit with little fanfare.
A Microsoft Security Patch Competitor Confirms Windows .LNK Update
Mitja Kolsek, founder of ACROS Security, which offers the 0patch platform for applying micro-patches in the absence of official updates, has confirmed that the November Patch Tuesday updates have indeed addressed the vulnerability. However, Kolsek noted that the issue has been “apparently demoted from vulnerability to functional bug” and was “silently fixed without an advisory.”
According to Kolsek, the Properties dialog of a .lnk file now displays the entire Target command with arguments in a single line, regardless of length. This change means that even a moderately sized command may require users to select text and adjust their view to fully comprehend it.
While Microsoft has not officially acknowledged the update, a spokesperson stated that the company is “continuously rolling out product and UI enhancements to help keep customers protected and improve the experience.” This ongoing commitment to security and user experience suggests that Microsoft is taking steps to address vulnerabilities, even if the process remains somewhat understated.
