Wednesday, July 28, 2010

Free Tools Can Fix Windows Shortcut Vulnerability

Free tools fix a Windows Shell vulnerability that allows shortcuts to execute malicious code. The tools from G Data Software and Sophos also fix a problem in Microsoft's solution that turns icons into "broken" generic white icons. The Windows Shell vulnerability gives cybercriminals many ways to infect a PC.
Security firms G Data Software and Sophos have released free tools that eliminate a vulnerability in an operating-system component called the Windows Shell for Windows XP, Windows Vista, and Windows 7. According to Microsoft, the vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed whenever the icon of a specially crafted shortcut is displayed.

Microsoft introduced an automated tool of its own on July 21 that will block any attempts to exploit the vulnerability of .LNK shortcut files. However, the software giant's homegrown fix replaces the graphics-based icons on the PC's Task and Start menu bars with generic white icons.

The free tool downloads from G Data and Sophos likewise block the automatic execution of malicious code but display the PC icons in their usual graphic form. "Microsoft's current workaround leaves systems almost unworkable with broken-looking icons," noted Graham Cluley, a senior technology consultant at Sophos.

Warning Users

Microsoft warned earlier this month that the shortcut vulnerability in Windows can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. Moreover, an exploit can be included in specific document types that support embedded shortcuts, the software giant's security team said.

The free third-party tools from Sophos and G Data, which run alongside existing antivirus software, will intercept any shortcut files that contain the exploit and even warn users about the executable code that attempted to run. For example, the G Data tool displays safe desktop symbols in their usual form but activates a red warning icon if a malicious mechanism is detected.

Fixing the problem is important because the vulnerability gives cybercriminals a wide range of possibilities for infecting a PC, noted Ralf Benzmueller, head of G Data SecurityLabs. "They only need to make sure that a .LNK file is displayed on the computer," Benzmueller explained. "The file which the link refers to does not necessarily need to be on the computer -- it can even be on the Internet."
