Security teams from Huorong and the 360 Vulnerability Research Institute have recently disclosed and successfully reproduced a severe security flaw in the WeChat Windows client. The vulnerability chains directory traversal with remote code execution (RCE), letting attackers run arbitrary code remotely through malicious files without the user's awareness. This gives attackers control over the system or lets them maintain elevated privileges, posing a substantial threat to endpoint security.

Attackers can exploit the vulnerability by sending chat messages that contain malicious files. Because WeChat does not adequately validate paths when handling these automatically downloaded files, attackers can plant malicious code in critical system directories. The planted code then starts automatically at system boot and executes remote commands.

The vulnerability affects WeChat Windows client versions 3.9 and earlier. Users are strongly advised to upgrade to the latest version promptly to mitigate this risk.
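
The path validation that the flaw described above lacks can be sketched as follows. This is an added example, not WeChat's code or the researchers' proof of concept; `DOWNLOAD_ROOT`, `safe_destination`, `UnsafeName` and the sample file names are assumptions constructed for illustration. It uses Python's `ntpath` so that Windows path rules apply on any operating system.

```python
import ntpath
import re

# Hypothetical download root (assumption; not a path taken from WeChat).
DOWNLOAD_ROOT = r"C:\Users\alice\Documents\ChatFiles"

# Windows device names that must never be used as a file name.
_RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$", re.I)


class UnsafeName(ValueError):
    """Raised when a sender-supplied file name cannot be used safely."""


def safe_destination(sender_name: str, root: str = DOWNLOAD_ROOT) -> str:
    """Map an untrusted attachment name to a path strictly inside root."""
    # Treat "/" and "\" alike, then keep only the final component, so that
    # directory parts, drive letters and UNC prefixes are all discarded.
    leaf = ntpath.basename(sender_name.replace("/", "\\"))
    # Replace characters Windows forbids in names. ":" also neutralises
    # NTFS alternate data streams. Trailing dots and spaces are stripped
    # because Windows silently drops them.
    leaf = re.sub(r'[<>:"|?*\x00-\x1f]', "_", leaf).rstrip(". ")
    if not leaf or _RESERVED.match(leaf):
        raise UnsafeName(f"rejected attachment name: {sender_name!r}")
    # Defence in depth: normalise the joined path and confirm containment.
    root_norm = ntpath.normcase(ntpath.normpath(root))
    dest = ntpath.normpath(ntpath.join(root, leaf))
    if ntpath.commonpath([root_norm, ntpath.normcase(dest)]) != root_norm:
        raise UnsafeName(f"path escapes download root: {sender_name!r}")
    return dest


if __name__ == "__main__":
    # Constructed sample names, as a client might receive them from a sender.
    samples = ["invoice.pdf", "..\\..\\outside\\run.bat", "../../outside/run.bat",
               "C:\\Windows\\x.dll", "report.txt:hidden", "..", "NUL.txt"]
    for name in samples:
        try:
            print(f"{name!r:32} -> {safe_destination(name)}")
        except UnsafeName as exc:
            print(f"{name!r:32} -> {exc}")
```

A client that logs every `UnsafeName` rejection, together with every name whose directory part was discarded, also gives defenders a record of traversal attempts arriving through chat attachments.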