The Zero Day Initiative classifies a vulnerability in the display of the contents of LNK files in Windows as high-risk.

If you cannot open exe or lnk files, learn how to reset, repair, restore broken EXE or LNK file association in Windows. Use FixExec or apply this fix.

When opened, this LNK file quietly connects to a command-and-control (C2) server controlled by the threat actors, downloads a MSI installer file, and runs the installer.

By embedding malicious code inside the .LNK files, a booby-trapped stick could automatically infect the connected computer even when its autorun feature was turned off.