Sophos provides free tool to protect against Windows ‘.LNK’ zero-day vulnerability
A few days ago I wrote about the LNK 0-day Windows vulnerability:
So forget about workarounds and concentrate on keeping your AV defences up to date – and hope that your AV supplier gets and stays on top of the problem at least until Microsoft patches the problem.
Some of the issues around the LNK zero-day vulnerability
Sophos has done just that by releasing a free tool to protect users.
So far we have seen the Stuxnet and Dulkis worms, as well as the Chymin Trojan horse, exploiting the shortcut vulnerability to help them spread and infect computer systems. Stuxnet made the headlines because it targeted the Siemens SCADA systems that look after critical infrastructure like power plants – but there’s a warning for all computer users here. Details of how to exploit the security hole are now published on the web, meaning it is child’s play for other hackers to take advantage and create attacks.
No-one knows when Microsoft will roll-out a proper patch for this critical security hole, and its current workaround leaves systems almost unworkable with broken-looking icons. The free tool from Sophos can be run alongside any existing anti-virus software, providing generic protection against the exploit. Unlike Microsoft’s workaround, it doesn’t blank out all the shortcuts on your Windows Start Menu – meaning your life – and that of your users – will be less stressful.
Graham Cluley, senior technology consultant at Sophos