
The Anxiety Window: hackers have become more likely to exploit application vulnerabilities

Hackers have become more likely to exploit vulnerabilities in individual applications and services to obtain user data. In particular, exploitation of a weak point in the Windows Explorer file manager, triggered when unpacking archives, increased 2.5 times. The number of application vulnerabilities is growing rapidly, as developers increasingly use artificial intelligence to write application code without paying enough attention to subsequent testing. Experts estimate that 70 to 90% of services and applications contain vulnerabilities.
What vulnerabilities do applications have?
About 70% of desktop and mobile services and about 90% of web applications contain at least one critical vulnerability, Alexander Bleznekov, head of information security at Telecom Exchange, told Izvestia.
"When creating them, developers actively use open source libraries. Code breaches can be used to gain unauthorized access to the service, launch malware, and steal confidential data, such as website addresses, IP addresses, email addresses, and more sensitive information like passwords," he said.
In addition, as Mikhail Khlebunov, product director at the computer security service Servicepipe, noted, most applications are now "written by not the most qualified developers using ChatGPT."
The lack of testing or insufficient testing of applications before release leads to an increase in the number of vulnerabilities, said Alexander Bleznekov.
"In an ideal worldview, it is necessary to regularly scan software for vulnerabilities and eliminate them, but this requires qualified personnel. This is where you can understand a business that wants new products or functionality to be released as quickly as possible," he said. "Besides, the problem is the lack of awareness of risks."
According to him, the management of small and medium-sized companies in various industries often believes that cyber attacks only affect large corporations.
"But it's just the opposite," the expert noted. "It's easier for hackers to attack weakly secured small and medium-sized companies, because their compromise is much easier and faster."
Hackers have become more likely to attack through applications
In May 2025, the number of Russian companies affected by a vulnerability in Windows Explorer (a graphical application for managing files and folders in the Windows operating system) increased 2.5 times, the Neuroinform company told Izvestia. This "weak point" allows attackers to obtain the username and password of a user's domain account because of incorrect file processing.
This vulnerability is usually exploited through phishing mailings. The attacker creates an XML file with any name and the extension .library-ms (the library description file format), puts it in a folder with other files, and then archives the entire folder.
"The main task of a cybercriminal is to compose a phishing email so that the victim unzips the attachment and goes to the folder where this file is located," the company said. "As a result, Windows itself will read the contents of the file and access the attacker's server, the path to which is written in the file, sending the login and password data there."
The company noted that this vulnerability is an application error: Windows sees a file with the .library-ms extension and assumes that it contains a link to the desired library. To connect this library, the system follows the link inside and tries to log in using the user's username and password.
This way, an attacker will be able to connect to a corporate email account or a corporate VPN.
This vulnerability is not new: it became known back in March 2025, Margarita Pavlova, an expert at the Solar 4RAYS Cyber Threat Research Center at Solar Group, told Izvestia.
"Among other things, its exploitation was noticed among the customers of our cyber threat research center," she said.
The peculiarity of this vulnerability is that it does not require opening or launching a file to exploit it — just extracting the archive is enough, said Maxim Kolesnikov, a leading information security expert at AiTiAngel.
"This makes the attack especially dangerous, as it can be implemented through phishing campaigns using archives disguised as harmless documents," he said.
"The .library-ms file is not a virus, so it easily gets on users' computers," said Alexander Dmitriev, CEO of Neuroinform.
"This vulnerability has already been fixed by Microsoft, but not all organizations have managed to install updates," the expert said.
The largest increase in the number of companies affected by this vulnerability in May this year was detected in retail (three times), logistics (twice) and telecom (1.5 times).
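Because the trigger is extraction rather than opening, an inbound archive can be inspected in memory before a user ever unpacks it. The following is an added example, not code from the article or from any vendor quoted in it: it lists every .library-ms member of a zip and any UNC host named inside. The size limit, the function names and the sample archive are assumptions, and the sample's .library-ms body is a constructed placeholder rather than a valid library file.

```python
import io
import re
import zipfile

MAX_MEMBER_BYTES = 1 << 20   # assumed limit: never inflate a larger member
UNC_RE = re.compile(r"\\\\([A-Za-z0-9._-]+)\\[^\s<>]+")   # \\host\share...

def _decode(raw: bytes) -> str:
    """Library files are XML; honour a UTF-16 BOM, otherwise read as UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")

def scan_archive(data: bytes) -> list:
    """Inspect a zip in memory and report every .library-ms member.

    Nothing is written to disk, so Explorer never gets to parse the file.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".library-ms"):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append({"member": info.filename,
                                 "remote_hosts": [], "oversized": True})
                continue
            text = _decode(zf.read(info))
            hosts = sorted({m.group(1).lower() for m in UNC_RE.finditer(text)})
            findings.append({"member": info.filename,
                             "remote_hosts": hosts, "oversized": False})
    return findings

def build_sample() -> bytes:
    """Constructed test archive; the .library-ms body is only a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.txt", "quarterly numbers")
        zf.writestr("docs/Info.library-ms",
                    r"<placeholder>\\fileserver.example.invalid\share</placeholder>")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_archive(build_sample()):
        print(finding)
```

Any finding is worth quarantining the attachment, since a library description file has no ordinary reason to arrive by e-mail; the host list only helps triage.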
How to protect yourself from hacking due to apps
The problem of company servers being hacked through vulnerable services and applications can be addressed with security tools that prevent automated scanning, which minimizes the risk of hacking, Mikhail Khlebunov noted.
"Besides, such solutions will also protect against such a threat as parsing," he said.
To protect against this and other vulnerabilities in Windows Explorer and other services, it is recommended to promptly install Microsoft security updates, Margarita Pavlova said.
"In our experience, the creation of .library-ms files on disk by archiver processes or Windows Explorer (explorer.exe) should also be monitored, as well as attempts to access external networks via SMB (a network protocol for exchanging files, printing and other network resources between computers on the network)," she said.
As protection, it is recommended not only to update the operating system by installing all available fixes, but also to set up restrictions for outgoing SMB connections, Maxim Kolesnikov said.
"In a corporate network, it is advisable to prohibit outgoing SMB connections to external servers," he said. "Also, avoid working with archives from questionable sources. It is not recommended to extract the contents of zip or rar archives received from unknown senders or through unreliable channels."
The expert also urged not to forget about ensuring the operation of antiviruses and attack detection systems. Modern antivirus solutions are able to detect attempts to exploit such vulnerabilities and block malicious activity before it develops.
In addition, it is necessary to enable monitoring of processes related to a potential attack.
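The two signals named above, a .library-ms file written by an archiver or explorer.exe and an SMB connection leaving the network, can be correlated per host. The following is an added example, not code from the article or from any vendor quoted in it; the event field names, the archiver process names, the internal address ranges and the 60-second window are assumptions, and the events are constructed.

```python
import ipaddress
from pathlib import PureWindowsPath

# Assumed names: the article mentions explorer.exe and "archiver processes".
WATCHED_WRITERS = {"explorer.exe", "7zfm.exe", "7zg.exe", "winrar.exe"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
WINDOW_SECONDS = 60   # assumed correlation window

def is_external(ip: str) -> bool:
    """True when the address is outside every range listed as internal."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def detect(events):
    """Alert on .library-ms drops and on outbound SMB (TCP 445) to external hosts."""
    alerts, last_drop = [], {}   # last_drop: host -> time of latest drop
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "file_create":
            writer = PureWindowsPath(ev["image"]).name.lower()
            if (ev["target"].lower().endswith(".library-ms")
                    and writer in WATCHED_WRITERS):
                last_drop[ev["host"]] = ev["ts"]
                alerts.append(("library_ms_created", ev["host"], ev["target"]))
        elif (ev["type"] == "net_connect" and ev["dst_port"] == 445
                and is_external(ev["dst_ip"])):
            drop = last_drop.get(ev["host"])
            tied = drop is not None and ev["ts"] - drop <= WINDOW_SECONDS
            alerts.append(("external_smb_after_drop" if tied else "external_smb",
                           ev["host"], ev["dst_ip"]))
    return alerts

SAMPLE_EVENTS = [   # constructed telemetry, timestamps in seconds
    {"ts": 100, "type": "file_create", "host": "WS-01",
     "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\a\Downloads\docs\Info.library-ms"},
    {"ts": 103, "type": "net_connect", "host": "WS-01",
     "dst_ip": "203.0.113.10", "dst_port": 445},
    {"ts": 110, "type": "net_connect", "host": "WS-02",
     "dst_ip": "10.0.0.5", "dst_port": 445},
    {"ts": 120, "type": "net_connect", "host": "WS-03",
     "dst_ip": "203.0.113.10", "dst_port": 445},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

With outgoing SMB blocked at the perimeter as recommended above, the same connection attempts show up as firewall denies and can feed the `net_connect` side of this rule.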
Translated by Yandex Translate