
Protect yourself with the Sophos Windows Shortcut Exploit Protection Tool



#1 Grinler

Lawrence Abrams (Admin)

Posted 28 July 2010 - 03:45 PM

VirusBlokAda, a computer security firm based out of Belarus, had found a Trojan that utilized a new method of infecting a computer. This method would infect even a fully patched Windows 7 machine. It turns out that the method by which this Trojan infects the computer is a vulnerability that affects all Windows versions since, and including, Windows XP. This vulnerability utilizes a specially crafted shortcut that, when stored on an external drive and that drive is opened, will automatically launch a malware program that can then infect your computer.

Microsoft has subsequently issued an advisory that discussed the effects of this vulnerability and how to mitigate it. As the steps to mitigate this vulnerability revolved around editing the Windows Registry, a Microsoft FixIt was released to automatically do it for you. The problem with the FixIt is that it will remove all the images from your shortcuts, which can reduce the usability of Windows.

Since then, Sophos has released their own tool to fix the Windows Shortcut vulnerability, without the loss of your shortcuts' images. This tool, called the Windows Shortcut Exploit Protection Tool, will allow you to view your shortcuts' icons, while still protecting you, by installing its own shell handler that is not vulnerable to this infection. It will also issue an alert when a malicious shortcut is encountered that is trying to exploit this vulnerability.

For those who want to protect themselves without losing functionality in the Windows GUI, the Sophos tool looks like the way to go.





 


#2 Beenthere


Posted 28 July 2010 - 03:52 PM

thanks for notifying

#3 Guest_hipityhopscott_*


Posted 28 July 2010 - 06:38 PM

I downloaded it. Is it running in the background? Thanks by the way!! :thumbsup:

#4 Grinler


Posted 28 July 2010 - 08:17 PM

No, it does not run in the background. It made the necessary changes when it was installed.

#5 KarstenHansen


Posted 29 July 2010 - 11:39 AM

I put it up onto my Twitter for all to see and use. Many thanks for sharing, Grinler!

#6 RobertMorr


Posted 29 July 2010 - 09:31 PM

I love that it doesn't run in the background. :thumbsup:

#7 Grinler


Posted 30 July 2010 - 05:10 PM

On Monday, Microsoft will be releasing an OOB patch to address this vulnerability.

Out of Band Release to address Microsoft Security Advisory 2286198

#8 B-boy/StyLe/


Posted 02 August 2010 - 01:17 PM

The update is finally available for download: :thumbsup:

http://www.microsoft.com/technet/security/...n/MS10-046.mspx



#9 Grinler


Posted 02 August 2010 - 02:09 PM

Thanks for posting!

#10 teamo


Posted 03 August 2010 - 04:46 AM

The update is finally available for download: :thumbsup:

http://www.microsoft.com/technet/security/...n/MS10-046.mspx


yes. finally :flowers:

#11 KarstenHansen


Posted 09 August 2010 - 05:03 PM

So a question, Grinler: which of these two ways of doing this is best?

Sophos or Microsoft?

Edited by KarstenHansen, 09 August 2010 - 05:05 PM.


#12 Grinler


Posted 09 August 2010 - 05:30 PM

I always stick with Microsoft. I feel it's important to stick with the original developer's patches if possible.

#13 KarstenHansen


Posted 11 August 2010 - 07:33 AM

Yeah, that would also be what I was thinking, but Sophos was just a little faster with the development process this time. And so if you installed the Sophos solution and try the MS one, it will just tell you that you already got it.

So running the MS patch did work, but as Sophos was there first, no need for the patch (or so my system tells me) ;)

Edited by KarstenHansen, 11 August 2010 - 07:34 AM.


#14 Layback Bear


Posted 11 August 2010 - 08:34 AM

Microsoft Security Advisory 2286198 is included in the big 12 update I did today. Just to add, the big update didn't take a long time and went smoothly. Things are still working correctly.

#15 doctorphibes


Posted 11 August 2010 - 11:31 PM

Thanks Grinler,
How typical that someone outside the loop at Sophos is better at patching Windows than MS. Someone at Sophos should get a nice fat "thank you" check from Gates. Windows users should all send a thank you note to Sophos.
I am enough of the artist to draw freely upon my imagination. Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world. Albert Einstein



