Recently, cybersecurity experts at Kaspersky and Trend Micro have advised users never to open .lnk files from unknown sources, to avoid being attacked by hackers.
Security researchers have discovered a vulnerability, tracked as ZDI-CAN-25373, in how Windows processes shortcut (.lnk) files. Cybercriminal groups and cyber organizations have exploited it in many zero-day attacks since the beginning of 2025.
It is worth mentioning that Microsoft has not completely fixed this vulnerability. It does not even have an official CVE identifier, which is rare for a dangerous vulnerability that is being widely exploited.
Alexander Kolesnikov, a malware analyst at Kaspersky Lab, said: "The problem lies in the fact that Windows File Explorer does not display enough information in the target field of the .lnk file."
This means that when users open a seemingly harmless .lnk file, malicious commands are executed silently, and dangerous software can be downloaded and installed through PowerShell without leaving a clear trace.
This vulnerability is known to have been exploited in targeted attack campaigns against both individual and corporate users. Cybercriminal groups and even hackers take advantage of the vulnerability to break into systems, steal data or install malware for extortion (ransomware).
More notably, because Windows is the most popular operating system in the world, the scale of attacks can be very large, with serious impact if users are not vigilant.
In this situation, a Microsoft representative also advised: "To ensure safety, we recommend that customers be cautious when downloading and opening files from unknown sources, as stated in our security warnings." Microsoft also emphasized the importance of regularly updating operating systems and security software to minimize the risk of attack.
To reduce the risk of becoming a victim, users should apply the following measures:
- Never open .lnk files received via email or social networks, or downloaded from websites of unknown origin.
- Check the target of the .lnk file carefully if you have to use it, but note that File Explorer may not fully display the hidden malicious commands.
- Update Windows and security software to the latest version to receive security patches as soon as possible.
- Regularly back up important data to limit damage if attacked.
- Beware of strange emails or unclear attachments, even if they come from acquaintances.
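
One way to check a shortcut's target without relying on File Explorer, as an added example (not code from Kaspersky, Trend Micro or Microsoft): this Python code reads the command-line arguments straight from the .lnk bytes, following the published Shell Link binary format, and reports whatever lies past the part a user could see. The 260-character display limit, the function names and the sample bytes are assumptions made for this illustration.

```python
import struct

# LinkFlags bits from the Shell Link (.LNK) binary format (MS-SHLLINK, section 2.1.1)
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS = 0x04, 0x08, 0x10, 0x20
IS_UNICODE = 0x80
HEADER_SIZE = 0x4C
DISPLAY_LIMIT = 260  # assumption: characters visible in the Properties "Target" box


def read_arguments(data: bytes) -> str:
    """Return the full COMMAND_LINE_ARGUMENTS string stored in a .lnk file."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_ID_LIST:      # LinkTargetIDList: 2-byte size, then the list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:    # LinkInfo: 4-byte size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    # StringData fields come in this fixed order, each prefixed by a character count
    for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS):
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2 : pos + 2 + count * width]
            pos += 2 + count * width
            if bit == HAS_ARGS:
                return raw.decode(codec, errors="replace")
    return ""


def audit(data: bytes) -> dict:
    """Compare the stored arguments with what a user could see on screen."""
    args = read_arguments(data)
    return {"length": len(args), "hidden": len(args) > DISPLAY_LIMIT,
            "beyond_display": args[DISPLAY_LIMIT:]}


def build_sample(args: str) -> bytes:
    """Constructed test input: a bare header plus an arguments string."""
    clsid = bytes.fromhex("0114020000000000c000000000000046")
    header = struct.pack("<I", HEADER_SIZE) + clsid + struct.pack("<I", HAS_ARGS | IS_UNICODE)
    header = header.ljust(HEADER_SIZE, b"\0")
    return header + struct.pack("<H", len(args)) + args.encode("utf-16-le")


CONSTRUCTED_SAMPLE = build_sample("/c echo shown " + "x" * 300 + " echo not-shown")
```

To inspect a real file, pass its raw bytes to `audit()` on an analysis machine; reading the bytes does not run the shortcut.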
Currently, the .lnk issue on Windows is one of the most serious security threats, especially as there is no official patch from Microsoft. Users need to stay vigilant and never open unfamiliar .lnk files. They should also proactively update their software to protect data and systems from increasingly sophisticated cyber attacks.