Microsoft: New Windows LNK spoofing issues aren't vulnerabilities
ID: 676198be-3efd-5f7a-841c-7ee2a9b92753
STIX ID: report--676198be-3efd-5f7a-841c-7ee2a9b92753
Feed Name: Bleeping Computer
Security researcher Wietze Beukema disclosed multiple techniques for crafting Windows LNK shortcut files that display benign targets while executing different malicious programs (including hiding command-line arguments). Beukema also released a testing/tooling suite (lnk-it-up) and demonstrated how malformed LNK structures can be abused. The report notes active exploitation history related to CVE-2025-9491 by state-backed groups and cybercrime groups (including PlugX deployments), and describes Microsoft’s decision not to classify one issue as a vulnerability while later applying mitigations.
