This 8-Year-Old Windows Security Flaw Won’t Die


According to PCWorld, a specific Windows security flaw designated CVE-2025-9491 has been actively exploited for over eight years and Microsoft still refuses to fix it. The vulnerability affects LNK file processing on Windows and has been used in thousands of attacks, most recently targeting diplomats in Belgium, Hungary, Italy, Serbia, and the Netherlands at the end of 2024. Arctic Wolf researchers discovered that hacker groups are still actively using this method, with attackers delivering malicious files through phishing emails that execute code when opened. The latest attacks attempted to inject a Trojan virus enabling remote access to affected devices. Previous exploitation has been linked to hacker groups from China, Iran, North Korea, and Russia according to Trend Micro research.

Why This Matters to Everyone

Here’s the thing about an eight-year-old vulnerability still being actively exploited: it tells you something about both the attackers and the company responsible for fixing it. Attackers don’t abandon working methods, and when they find something that bypasses security measures for nearly a decade, they’re going to keep using it. Basically, if it ain’t broke, don’t fix it—from the hacker’s perspective anyway.

And the attack method is ridiculously simple. We’re not talking about some complex zero-day requiring sophisticated infrastructure. All it takes is getting someone to open a malicious LNK file, which can be disguised as anything from a document to a folder shortcut. That’s it. No special permissions needed, no advanced social engineering required beyond convincing someone to click.

Microsoft’s Concerning Silence

So why hasn’t Microsoft fixed this after eight years and thousands of documented attacks? That’s the billion-dollar question. The company has been aware of this specific vulnerability for years, and security researchers keep bringing it to their attention. Yet here we are in 2025, with European diplomats still getting targeted using the same method.

Look, I get that patching older vulnerabilities might not be the highest priority when new ones emerge constantly. But when something has this kind of longevity in the wild, when state-sponsored groups from multiple countries are using it consistently, you’d think it would warrant attention. The fact that it doesn’t suggests either technical challenges we don’t understand or a prioritization problem.

What Regular Users Can Actually Do

For everyday Windows users, this creates a frustrating situation. You’re relying on a company to secure its platform, but they’re leaving known vulnerabilities unpatched for years. The main defense here is the same old advice: be extremely careful with email attachments and downloaded files, even from seemingly trusted sources.

But that puts the burden entirely on users, which isn’t really fair when we’re talking about a fundamental operating system vulnerability. Enterprises should be particularly concerned—this isn’t just about individual users clicking bad links. Diplomatic targets suggest this is being used for serious espionage campaigns, and if government agencies can’t rely on basic Windows security, what hope do businesses have?

The reality is we’re stuck with workarounds rather than solutions. Until Microsoft decides this eight-year-old problem deserves fixing, millions of Windows users remain vulnerable to an attack method that should have been retired years ago. And that’s just not good enough for what’s supposed to be a modern, secure operating system.
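Since the delivery path described above is a phishing email carrying an LNK file, one workaround is to flag shortcut attachments before they reach an inbox. The following is an added example, not code from the article or from Microsoft: it scans a raw email for LNK files by extension or by the Shell Link file header, including inside ZIP attachments. The function names and the sample message are constructed for illustration.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Shell Link (.lnk) files begin with HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (MS-SHLLINK file format).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")

def find_lnk(name, data, depth=0):
    """Return paths of LNK files in one attachment, descending into ZIPs."""
    if name.lower().endswith(".lnk") or data.startswith(LNK_MAGIC):
        return [name]
    hits = []
    if depth < 3 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > 20_000_000:
                    continue  # skip directories and oversized members
                inner = find_lnk(info.filename, zf.read(info), depth + 1)
                hits += [f"{name}!{path}" for path in inner]
    return hits

def scan_message(raw):
    """Scan a raw RFC 5322 message (bytes) and list the LNK attachments found."""
    hits = []
    for part in email.message_from_bytes(raw).walk():
        if not part.is_multipart():
            payload = part.get_payload(decode=True) or b""
            hits += find_lnk(part.get_filename() or "(unnamed)", payload)
    return hits

def build_sample():
    """Constructed sample: a ZIP holding an inert LNK header under a .pdf name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agenda.pdf", LNK_MAGIC + b"\x00" * 56)  # header only, no target
        zf.writestr("readme.txt", "hello")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="agenda.zip")
    msg.add_attachment(b"shortcut", maintype="application", subtype="octet-stream", filename="Report.LNK")
    return msg.as_bytes()

if __name__ == "__main__":
    for hit in scan_message(build_sample()):
        print("LNK attachment:", hit)
```

Password-protected archives cannot be read this way and should be handled by a separate quarantine rule.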
