Protect yourself with the Sophos Windows Shortcut Exploit Protection Tool
Grinler
post Jul 28 2010, 03:45 PM
Post #1


Bleep Bleep!
******

Group: Admin
Posts: 33,231
Joined: 24-January 04
From: USA
Member No.: 3



VirusBlokAda, a computer security firm based out of Belarus, had found a Trojan that utilized a new method of infecting a computer. This method would infect even a fully patched Windows 7 machine. It turns out that the method this Trojan uses to infect the computer is a vulnerability that affects all Windows versions since, and including, Windows XP. This vulnerability utilizes a specially crafted shortcut that, when stored on an external drive and that drive is opened, will automatically launch a malware program that can then infect your computer.

Microsoft has subsequently issued an advisory that discussed the effects of this vulnerability and how to mitigate it. As the steps to mitigate this vulnerability revolved around editing the Windows Registry, a Microsoft FixIt was released to automatically do it for you. The problem with the FixIt is that it will remove all the images from your shortcuts, which can reduce the usability of Windows.

Since then, Sophos has released their own tool to fix the Windows Shortcut vulnerability, without the loss of your shortcuts' images. This tool, called the Windows Shortcut Exploit Protection Tool, will allow you to view your shortcuts' icons, while still protecting you, by installing its own shell handler that is not vulnerable to this infection. It will also issue an alert when a malicious shortcut is encountered that is trying to exploit this vulnerability.

For those who want to protect themselves without losing functionality in the Windows GUI, the Sophos tool looks like the way to go.




Beenthere
post Jul 28 2010, 03:52 PM
Post #2


Member
**

Group: Members
Posts: 105
Joined: 29-March 08
Member No.: 199,572



thanks for notifying
hipityhopscott
post Jul 28 2010, 06:38 PM
Post #3


Member
**

Group: Members
Posts: 20
Joined: 19-July 10
Member No.: 535,912



I downloaded it. Is it running in the background? Thanks by the way!!
Grinler
post Jul 28 2010, 08:17 PM
Post #4


Bleep Bleep!
******

Group: Admin
Posts: 33,231
Joined: 24-January 04
From: USA
Member No.: 3



No, it does not run in the background. It made the necessary changes when it was installed.


KarstenHansen
post Jul 29 2010, 11:39 AM
Post #5


Member
**

Group: Malware Study Hall Sophomore
Posts: 139
Joined: 6-June 09
From: Jylland, Denmark
Member No.: 339,512



I put it up onto my Twitter for all to see and use, many thanks for sharing Grinler!
RobertMorr
post Jul 29 2010, 09:31 PM
Post #6


Member
**

Group: Members
Posts: 23
Joined: 10-June 10
From: Florida, USA
Member No.: 514,984



I love that it doesn't run in the background.
Grinler
post Jul 30 2010, 05:10 PM
Post #7


Bleep Bleep!
******

Group: Admin
Posts: 33,231
Joined: 24-January 04
From: USA
Member No.: 3



On Monday, Microsoft will be releasing an OOB patch to address this vulnerability.

Out of Band Release to address Microsoft Security Advisory 2286198


B-boy/StyLe/
post Aug 2 2010, 01:17 PM
Post #8


Forum Regular
***

Group: Malware Study Hall Junior
Posts: 153
Joined: 28-September 09
From: Electric City
Member No.: 383,888



The update is finally available for download:

http://www.microsoft.com/technet/security/...n/MS10-046.mspx



Grinler
post Aug 2 2010, 02:09 PM
Post #9


Bleep Bleep!
******

Group: Admin
Posts: 33,231
Joined: 24-January 04
From: USA
Member No.: 3



Thanks for posting!


teamo
post Aug 3 2010, 04:46 AM
Post #10


New Member
*

Group: Members
Posts: 7
Joined: 21-July 10
Member No.: 537,147



QUOTE (B-boy/StyLe/ @ Aug 2 2010, 11:17 AM)
The update is finally available for download:

http://www.microsoft.com/technet/security/...n/MS10-046.mspx


yes. finally
KarstenHansen
post Aug 9 2010, 05:03 PM
Post #11


Member
**

Group: Malware Study Hall Sophomore
Posts: 139
Joined: 6-June 09
From: Jylland, Denmark
Member No.: 339,512



So a question Grinler, which of these two ways of doing this is best?

Sophos or Microsoft?

This post has been edited by KarstenHansen: Aug 9 2010, 05:05 PM
Grinler
post Aug 9 2010, 05:30 PM
Post #12


Bleep Bleep!
******

Group: Admin
Posts: 33,231
Joined: 24-January 04
From: USA
Member No.: 3



I always stick with Microsoft. I feel it's important to stick with the original developer's patches if possible.


KarstenHansen
post Aug 11 2010, 07:33 AM
Post #13


Member
**

Group: Malware Study Hall Sophomore
Posts: 139
Joined: 6-June 09
From: Jylland, Denmark
Member No.: 339,512



Yeah that would also be what I was thinking, but Sophos was just a little faster with the development process this time. And so if you installed Sophos's solution and try the MS one, it will just tell you that you already got it.

So running the MS patch did work, but as Sophos was there first, no need for the patch (or so my system tells me) ;)

This post has been edited by KarstenHansen: Aug 11 2010, 07:34 AM
Layback Bear
post Aug 11 2010, 08:34 AM
Post #14


Forum Addict
******

Group: Members
Posts: 1,323
Joined: 12-September 06
From: Northern Ohio
Member No.: 85,011



Microsoft Security Advisory 2286198 is included in the big 12 update I did today. Just to add, the big update didn't take a long time and went smoothly. Things are still working correctly.
doctorphibes
post Aug 11 2010, 11:31 PM
Post #15


Member
**

Group: Members
Posts: 77
Joined: 23-February 07
Member No.: 113,515



Thanks Grinler,
How typical that someone outside the loop at Sophos is better at patching Windows than MS. Someone at Sophos should get a nice fat "thank you" check from Gates. Windows users should all send a thank you note to Sophos.


--------------------
“I am enough of the artist to draw freely upon my imagination. Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world.” Albert Einstein


© 2003-2010 All Rights Reserved Bleeping Computer LLC.