BleepingComputer.com: Protect yourself with the Sophos Windows Shortcut Exploit Protection Tool

VirusBlokAda, a computer security firm based out of Belarus, had found a Trojan that utilized a new method of infecting a computer. This method would infect even a fully patched Windows 7 machine. It turns out that the method this Trojan infects the computer is a vulnerability that affects all Windows version since, and including, Windows XP. This vulnerability utilizes a specially crafted shortcut that when stored on an external drive, and that drive is opened, will automatically launch a malware program that can then infect your computer.

Microsoft has subsquently issued an advisory that discussed the effects of this vulnerability and how to mitigate it. As the steps to mitigate this vulnerability revolved around editing the Windows Registry a Microsoft FixIt was released to automatically do it for you. The problem with the FixIt is that it will remove all the images from your shortcuts, which can reduce the usability of Windows.

Since then, Sophos has released their own tool to fix the Windows Shortcut vulnerability, without the loss of your shortcuts images. This tool, called the Windows Shortcut Exploit Protection Tool, will allow you to view your shortcut's icons, while still protecting you, by installing its own shell handler that is not vulnerable to this infection. It will also issue an alert when a malicious shortcut is encountered that is trying to exploit this vulnerability.

For those who want to protect themselves without losing functionality in the Windows GUI, then the Sophos tool looks like the way to go.

thanks for notifying

I downloaded it. Is it running in the background? Thanks by the way!!

No it does not run in the background. It made the necessary changes when it was installed.

I put it up onto my twitter for all to see and use, many thanks for sharing Grinler!

I love that it doesn't run in the background.

On Monday, Microsoft will be releasing an OOB patch to address this vulnerability.

Out of Band Release to address Microsoft Security Advisory 2286198

The update is finally available for download:

http://www.microsoft.com/technet/security/...n/MS10-046.mspx

Thanks for posting!

B-boy/StyLe/, on Aug 2 2010, 11:17 AM, said:

yes. finally

So a question Grinler, what of these two ways of doing this is best?

Sophos or Microsoft?

This post has been edited by KarstenHansen: 09 August 2010 - 05:05 PM

I always stick with Microsoft. I feel its important to stick with the original developers patches if possible.

Yeah that would also be what I was thinking, but sophos was just a little faster with the development process this time. And so if you installed sophos solution and tries the MS one it will just tell you that you already got it.

So running MS patch did work but as sophos was there first, no need for the patch (or so my system tells me) ;)

This post has been edited by KarstenHansen: 11 August 2010 - 07:34 AM

Microsoft Security Advisory 2286198 is included in the big 12 update I did today. Just to add, the big update didn't take a long time and went smooth. Things are still working correctly.

Thanks Grinler,
How typical that someone outside the loop at Sophos is better at patching Windows better than MS. Someone at Sophos should get a nice fat "thank you" check from Gates. Windows users should all send a thank you note to Sophos.