Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Free Tool Available For Protection Against Unpatched Security Flaw

Sophos : 27 July, 2010  (New Product)
Sophos has released a free tool available for download which protects Windows users against the latest zero day vulnerability which exploits shortcuts
IT security and data protection firm Sophos has released a free tool to protect against a Windows zero-day vulnerability that is being actively exploited to infect computers.

The Sophos Windows Shortcut Exploit Protection Tool protects against a high profile vulnerability that allows malicious hackers to exploit a bug in the way that all versions of Windows handles .LNK shortcut files. If Windows just displays the icon of an exploited shortcut file, malicious code can be executed - without requiring any interaction by the user.

But Sophos's free tool intercepts shortcut files that contain the exploit, warning of the executable code that was attempting to run. That means it will stop malicious threats which use the vulnerability if they are on non-local disks, such as a USB stick.

'So far we have seen the Stuxnet and Dulkis worms, as well as the Chymin Trojan horse, exploiting the shortcut vulnerability to help them spread and infect computer systems. Stuxnet made the headlines because it targeted the Siemens SCADA systems that look after critical infrastructure like power plants - but there's a warning for all computer users here,' said Graham Cluley, senior technology consultant at Sophos. 'Details of how to exploit the security hole are now published on the web, meaning it is child's play for other hackers to take advantage and create attacks.'

'No-one knows when Microsoft will roll-out a proper patch for this critical security hole, and its current workaround leaves systems almost unworkable with broken-looking icons,' continued Cluley. 'The free tool from Sophos can be run alongside any existing anti-virus software, providing generic protection against the exploit. Unlike Microsoft's workaround, it doesn't blank out all the shortcuts on your Windows Start Menu - meaning your life - and that of your users - will be less stressful.'

Customers of Sophos products are already protected from the exploit, with affected .LNK shortcuts detected generically as Exp/Cplink-A or Troj/Cplink.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo