Tuesday, 27 July 2010

Secure your computer against Windows .lnk shortcut zero day vulnerability

If you use Windows, you should install anti-malware vendor Sophos's free Windows Shortcut Exploit Protection Tool ASAP - so called because a recently discovered "zero day exploit" enables attackers to use Windows shortcut link files (.lnk files) to run malicious code on your computer when you visit a dodgy website, open a dodgy document, plug in a dodgy USB stick (or open an infected folder on your network, load a dodgy DVD or CD - you get the drift, anything that gets Windows to display the icon of a manipulated file).

You don't even have to click anything to get infected. Bad guys have been having a field day with this security vulnerability but unfortunately Microsoft haven't issued a full fix yet (their suggested workaround blanks out your Start menu shortcut icons), so kudos to Sophos for announcing the provision of their free tool to block the exploit from running on your computer.

Just check your computer for malware first (there are free tools to do that, e.g. NOD32 ESET and Microsoft's Security Essentials), then download the Sophos tool and run it (or click the link and click Run) to install Sophos's blocking tool. Sophos say it won't interfere with any existing anti virus software.

Here's a Sophos video with more info about the problem.

No comments: