New Warning As Microsoft Windows Attacks Confirmed

No sooner had Microsoft rolled out an emergency security update for Windows users in response to recent cyberattacks than news emerged of yet another ongoing threat targeting the platform. This time, however, the situation is more precarious, as there is currently no fix available. The focus is on CVE-2025-9491, a vulnerability that has now been exploited in the wild.

CVE-2025-9491 Is Now Being Exploited by Attackers in the Wild — No Fix Available from Microsoft

Just when it seemed that the security landscape for Windows users was improving—thanks to new administrative protections and an additional year of free security updates for Windows 10—news of a significant cyber espionage campaign has emerged. This campaign is leveraging a critical vulnerability, CVE-2025-9491, which remains unpatched by Microsoft.

An analysis by Arctic Wolf Labs has revealed that threat actors associated with China are actively exploiting this Windows remote code execution vulnerability, which was first reported back in March. The ongoing attacks appear to be primarily targeting European diplomatic entities in Hungary, Belgium, and other nations across the continent. Given that the exploit is now publicly known, the vulnerability is likely to be used in broader campaigns until Microsoft releases a fix.

The current method of attack involves a series of phishing emails containing embedded URLs that lead to the delivery of malicious LNK files—essentially Windows shortcuts. By taking advantage of the vulnerability, attackers can execute obfuscated PowerShell commands, which facilitate the extraction and deployment of a multi-stage malware chain. This culminates in the deployment of the PlugX remote access trojan, resulting in significant cyber damage.

As I await a response from Microsoft regarding this pressing issue, it is crucial for Windows users to take proactive measures. With no immediate security patch available, it is advisable to block .lnk files from any untrusted sources within Windows Explorer settings to mitigate potential risks.
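Because the chain described above hinges on a shortcut that launches PowerShell, defenders can triage .lnk files pulled from mail gateways or download folders by reading the command line stored inside them. The following is an added example, not code from the article or from Arctic Wolf Labs: the field layout follows Microsoft's published MS-SHLLINK format, the function names are hypothetical, the cp1252 fallback for non-Unicode links is an assumption, and the sample shortcut is constructed.

```python
import struct

# MS-SHLLINK constants: header size, link CLSID, and the LinkFlags bits used here.
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [("name", 0x04), ("relative_path", 0x08), ("working_dir", 0x10),
                 ("arguments", 0x20), ("icon_location", 0x40)]

def parse_lnk_strings(data):
    """Return the StringData fields (including command-line arguments) of a .lnk."""
    try:
        size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
        if size != HEADER_SIZE or clsid != LNK_CLSID:
            raise ValueError("not a shell link")
        pos = HEADER_SIZE
        if flags & HAS_IDLIST:      # 2-byte size, then the item ID list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:    # 4-byte size that includes itself
            pos += struct.unpack_from("<I", data, pos)[0]
        # Non-Unicode links use the system code page; cp1252 is assumed here.
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        fields = {}
        for name, bit in STRING_FIELDS:
            if flags & bit:         # 2-byte character count, then the string
                count = struct.unpack_from("<H", data, pos)[0]
                raw = data[pos + 2:pos + 2 + count * width]
                if len(raw) != count * width:
                    raise ValueError("truncated string data")
                fields[name] = raw.decode(codec, "replace")
                pos += 2 + count * width
        return fields
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc

def references_powershell(data):
    """True if any string field of the shortcut mentions PowerShell."""
    return any("powershell" in v.lower() or "pwsh" in v.lower()
               for v in parse_lnk_strings(data).values())

def build_sample(relative_path, arguments):
    """Constructed test input: a minimal Unicode .lnk with two string fields."""
    header = struct.pack("<I16sI", HEADER_SIZE, LNK_CLSID, 0x08 | 0x20 | IS_UNICODE)
    header += bytes(HEADER_SIZE - len(header))
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return header + body

if __name__ == "__main__":
    sample = build_sample(r"..\Windows\System32\cmd.exe",
                          "/c powershell -NoProfile -Command Write-Output constructed")
    print(parse_lnk_strings(sample)["arguments"], references_powershell(sample))
```

A match is a triage signal rather than a verdict: legitimate administrative shortcuts also call PowerShell, so the extracted arguments still need review.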
