Free Toolset Fixes Windows Shortcut Flaw

Two third-party software companies have come together to release temporary fix for a highly contagious and critical zero-day flaw which affects all versions of the Windows operating system (OS).

The security flaw, which Microsoft says it knows about and is working on a permanent patch towards, makes users of Windows 2000 through Windows 7 vulnerable to attack if they open a desktop folder packing an infected .LNK file extension.

Microsoft Temp Fix Not Popular

Microsoft last week released its own temporary solution in the form of a workaround, but few users were very fond of a solution that simply disabled all desktop icons. (Source: newsfactor.com)

Better alternatives appear to have arrived on the scene thanks to separate security firms G Data and Sophos. G Data has released a 'LNK Checker' that bars automatic execution of files that are detected to be malicious. It displays icons that are not infected as they would normally appear, while those that are suspected of being affected by the issue show up with a red warning sign.

Sophos' option is called the Windows Shortcut Exploit Protection Tool and notifies users if it finds any infected links in Windows. It then blocks suspected malware from being executed.

Windows Shortcut Flaw: Highly Infectious

Head of G Data SecurityLabs Ralf Benzmueller thinks it's about time someone released a fix for what he feels is a very serious Windows vulnerability.

"This recent security flaw gives cyber-criminals a wide range of new possibilities to infect a PC," Benzmueller says. "They only need to make sure that a .LNK file is displayed on the computer. The file which the link refers to does not necessarily need to be on the computer -- it can even be on the Internet." (Source: guardian.co.uk)

In line with usual policy on third-party tools like these, Microsoft has refused to condone the Sophos or G Data fixes. The company plans its own patch in the near future, but it's impossible to know just how long we'll all have to wait.