The Digital Security Authority (DSA) wants to bring to your attention a zero-day vulnerability affecting Microsoft Windows.
Technical Details
A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly being actively exploited by the Chinese state-sponsored Advanced Persistent Threat (APT) group Mustang Panda.
The flaw involves how Windows handles files extracted from compressed “RAR” archives. When extracted into a folder, these files appear invisible in the Windows Explorer GUI, misleading users into believing the folder is empty. However, the files can still be accessed and executed via command-line tools if their exact path is known.
For instance, the dir command reveals these hidden files, and running attrib -s -h on the system-protected files results in the creation of an unknown file type associated with an “Unknown” ActiveX component. This exploitation method allows threat actors to conceal malicious files within seemingly benign archives, bypassing detection and enabling stealthy execution of harmful payloads.
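
A defender-side check for the behaviour described above, as an added example that is not part of the original advisory: it lists every entry in an extraction folder, including those that Explorer's default view leaves out. It assumes the invisible files carry the Hidden and/or System attributes, as the attrib -s -h step suggests; the function name Find-ExplorerHiddenFile and the sample path are hypothetical.

```powershell
# Added example (not from the advisory). Assumption: files that Explorer does
# not show are marked Hidden and/or System, as the attrib -s -h step implies.
function Find-ExplorerHiddenFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path   # folder an archive was extracted into
    )

    $hidden = [System.IO.FileAttributes]::Hidden
    $system = [System.IO.FileAttributes]::System

    # -Force makes Get-ChildItem return Hidden and System entries too,
    # so the result reflects what is on disk rather than what the GUI shows.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $isHidden = $_.Attributes.HasFlag($hidden)
            $isSystem = $_.Attributes.HasFlag($system)
            [pscustomobject]@{
                FullName    = $_.FullName
                IsDirectory = $_.PSIsContainer
                Attributes  = $_.Attributes
                Hidden      = $isHidden
                System      = $isSystem
                # Explorer's default view omits items with the Hidden attribute.
                Flagged     = ($isHidden -or $isSystem)
            }
        }
}

# Usage with a constructed placeholder path.
$folder  = 'C:\Temp\extracted-archive'
$entries = @(Find-ExplorerHiddenFile -Path $folder)
$flagged = @($entries | Where-Object { $_.Flagged })

# A folder that looks empty in Explorer but reports entries here needs review.
'{0}: {1} entries on disk, {2} flagged Hidden/System' -f `
    $folder, $entries.Count, $flagged.Count

$flagged | Sort-Object FullName |
    Format-Table FullName, Attributes -AutoSize
```

The script only reads attributes; it does not clear them or open the files, so flagged items stay untouched for later analysis.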

Affected Products:
Microsoft Windows.
Recommendations
There are no fixes from Microsoft for this vulnerability so far.
The information presented in this report is based on available data up to the 14th of February 2025.