By Davey Winder, Senior Contributor.
You don’t have to wait until next week for the monthly Patch Tuesday rollout for this Windows surprise: Microsoft has silently updated Windows security protections for millions of users against a critical hacking threat. And it’s only taken, erm, eight years.
On March 10, I published an article warning about the 10-second phantom goblin infostealer attack. Go read it for the full gory details, but the gist of the thing is that it exploited the Windows .LNK shortcut while being disguised as a legitimate PDF document. On June 9, I published an article warning of another .LNK Windows attack, and another on August 4, and the latest was on November 1, concerning the now officially designated CVE-2025-9491 Windows security vulnerability. But that was just me, and just during 2025. The common denominator is that the vulnerability was unpatched, and Microsoft seemingly had no intention of fixing it.
Previously identified as ZDI-CAN-25373 and ZDI-25-148 by Trend Micro security researchers, this vulnerability has been used in threat campaigns dating back to 2017. “Our analysis revealed that 11 state-sponsored groups from North Korea, Iran, Russia, and China have employed ZDI-CAN-25373 in operations primarily motivated by cyber espionage and data theft,” Trend Micro said in March 2025.






