Sophos unveils tool to cover Windows zero-day vulnerability

Powered by SC Magazine
 

As industry waits for a patch.

Sophos has released a free tool to cover the Windows shortcut zero-day vulnerability.

With the flaw now exposed for over a week and only a workaround issued by Microsoft, Sophos has released a free tool to protect against the vulnerability. It said that the Sophos Windows shortcut exploit protection tool protects against the vulnerability which allows hackers to exploit a bug in the way that all versions of Windows handles .LNK shortcut files. 

It said that the tool intercepts shortcut files that contain the exploit, warning of the executable code that was attempting to run. That means it will stop malicious threats which use the vulnerability if they are on non-local disks, such as a USB stick.

Graham Cluley, senior technology consultant at Sophos, said: “So far we have seen the Stuxnet and Dulkis worms, as well as the Chymin Trojan horse, exploiting the shortcut vulnerability to help them spread and infect computer systems. Stuxnet made the headlines because it targeted the Siemens SCADA systems that look after critical infrastructure like power plants - but there's a warning for all computer users here. Details of how to exploit the security hole are now published on the web, meaning it is child's play for other hackers to take advantage and create attacks.

“The free tool from Sophos can be run alongside any existing anti-virus software, providing generic protection against the exploit.  Unlike Microsoft's workaround, it doesn't blank out all the shortcuts on your Windows Start Menu - meaning your life - and that of your users - will be less stressful.”

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 333

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 138

Vote