BleepingComputer.com: Protect yourself with the Sophos Windows Shortcut Exploit Protection Tool


#1 Grinler

Posted 28 July 2010 - 03:45 PM

VirusBlokAda, a computer security firm based out of Belarus, had found a Trojan that utilized a new method of infecting a computer. This method would infect even a fully patched Windows 7 machine. It turns out that the method this Trojan uses to infect the computer is a vulnerability that affects all Windows versions since, and including, Windows XP. This vulnerability utilizes a specially crafted shortcut that, when stored on an external drive, and that drive is opened, will automatically launch a malware program that can then infect your computer.

Microsoft has subsequently issued an advisory that discussed the effects of this vulnerability and how to mitigate it. As the steps to mitigate this vulnerability revolved around editing the Windows Registry, a Microsoft FixIt was released to automatically do it for you. The problem with the FixIt is that it will remove all the images from your shortcuts, which can reduce the usability of Windows.

Since then, Sophos has released their own tool to fix the Windows Shortcut vulnerability, without the loss of your shortcuts' images. This tool, called the Windows Shortcut Exploit Protection Tool, will allow you to view your shortcuts' icons, while still protecting you, by installing its own shell handler that is not vulnerable to this infection. It will also issue an alert when a malicious shortcut is encountered that is trying to exploit this vulnerability.

For those who want to protect themselves without losing functionality in the Windows GUI, the Sophos tool looks like the way to go.




#2 Beenthere

Posted 28 July 2010 - 03:52 PM

thanks for notifying

#3 Guest_hipityhopscott_*

Posted 28 July 2010 - 06:38 PM

I downloaded it. Is it running in the background? Thanks by the way!! :thumbsup:

#4 Grinler

Posted 28 July 2010 - 08:17 PM

No, it does not run in the background. It made the necessary changes when it was installed.

#5 KarstenHansen

Posted 29 July 2010 - 11:39 AM

I put it up onto my Twitter for all to see and use, many thanks for sharing Grinler!
With High Regards,
KarstenHansen,

Enjoy EVERYDAY of your life to the fullest, it can be over so so quick. Removing Malware is just like a good game of CHESS.

#6 RobertMorr

Posted 29 July 2010 - 09:31 PM

I love that it doesn't run in the background. :thumbsup:

#7 Grinler

Posted 30 July 2010 - 05:10 PM

On Monday, Microsoft will be releasing an OOB patch to address this vulnerability.

Out of Band Release to address Microsoft Security Advisory 2286198

#8 B-boy/StyLe/

Posted 02 August 2010 - 01:17 PM

The update is finally available for download: :thumbsup:

http://www.microsoft.com/technet/security/...n/MS10-046.mspx

I'll be unavailable for the next 2 days (26 and 27 May).
I will reply on Monday (28 May). Sorry for the inconvenience!

#9 Grinler

Posted 02 August 2010 - 02:09 PM

Thanks for posting!

#10 teamo

Posted 03 August 2010 - 04:46 AM

B-boy/StyLe/, on Aug 2 2010, 11:17 AM, said:

The update is finally available for download: :thumbsup:

http://www.microsoft.com/technet/security/...n/MS10-046.mspx


yes. finally :flowers:

#11 KarstenHansen

Posted 09 August 2010 - 05:03 PM

So a question, Grinler: which of these two ways of doing this is best?

Sophos or Microsoft?

This post has been edited by KarstenHansen: 09 August 2010 - 05:05 PM


#12 Grinler

Posted 09 August 2010 - 05:30 PM

I always stick with Microsoft. I feel it's important to stick with the original developer's patches if possible.

#13 KarstenHansen

Posted 11 August 2010 - 07:33 AM

Yeah, that would also be what I was thinking, but Sophos was just a little faster with the development process this time. And so if you installed Sophos' solution and try the MS one, it will just tell you that you already got it.

So running the MS patch did work, but as Sophos was there first, no need for the patch (or so my system tells me) ;)

This post has been edited by KarstenHansen: 11 August 2010 - 07:34 AM


#14 Layback Bear

Posted 11 August 2010 - 08:34 AM

Microsoft Security Advisory 2286198 is included in the big 12 update I did today. Just to add, the big update didn't take a long time and went smoothly. Things are still working correctly.

#15 doctorphibes

Posted 11 August 2010 - 11:31 PM

Thanks Grinler,
How typical that someone outside the loop at Sophos is better at patching Windows than MS. Someone at Sophos should get a nice fat "thank you" check from Gates. Windows users should all send a thank you note to Sophos.
“I am enough of the artist to draw freely upon my imagination. Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world.” Albert Einstein
