Tuesday, August 3, 2010

Sophos vs. Windows Shortcut

Sophos, a security firm, recently released software meant to guard PCs against attacks looking to take advantage of Windows shortcuts. The bug was discovered and reported by VirusBlokAda in June, but did not receive a lot of attention until blogger, Brian Krebs, reported it on July 15th. Microsoft confirmed the vulnerability the next day. The company, and others, did report several attacks, including one in which a German customer's computer was infiltrated. Well over 50% of the attacks seen so far were in Iran.

While Microsoft refused to endorse Sophos' software, which is its position in these cases, the company did not say whether or not the software actually works. Microsoft instead told consumers to apply the workaround in Security Advisory 2286198. Microsoft's workaround basically requires one to disable... Windows; Sophos' tool leaves shortcuts untouched.

Windows 7 automatically updated yesterday. The update was small and loaded quickly, but did require a reboot. I do not know if that was a patch for the shortcut exploitation or not. The Sophos tool appears in the Control Panel's Programs list, and can be easily removed once Microsoft fixes the bug.

The Sophos software works on all versions of Windows except 2000. All versions of Windows are susceptible to attack. You can download the software free.

© C Harris Lynn, 2010

No comments: