Sophos Shortcut Exploit Protection Tool is to my knowledge one of the first free security tools provided by Sophos. The company has previously only offered trial versions on very rare circumstances. While simple, the Sophos Shortcut Exploit Protection Tool should not be ignored because it offers very important protection capability.
Update 8/2: Microsoft has release a KB update KB2286198 for Windows 7 to solve the shortcut problem. Download it here
The vulnerability, Microsoft Security Advisory 2286198, affects all Windows Operating Systems including Windows XP SP3, Vista, Windows 2003 server, Windows 2008 and Windows 7 including 32 bit and 64 bit editions. The vulnerability affects all shortcuts on a Windows system. And guess what, the shortcut doesn’t even have to be clicked. All that needs to happen is the user simply needs to view the shortcut image (for example just “looking at ones desktop”). As one can deduce this is a huge vulnerability because one doesn’t even need to click on anything. Even worse practically every Windows system is vulnerable and there has already been active malware using this vulnerability. In fact, the Stuxnet worm specifically targeted US SCADA systems (the command and control systems for nuclear power plants and utilities; comforting huh?)
As of today, there has been no official patch by Microsoft to fix this vulnerability. There have been some attempts to fix the shortcut vulnerability by blanking out all of the .LNK shortcut files meaning all icons look the same (not really a practical fix for users). However, Sophos has released the Shortcut Exploit Protection Tool which does not require all the icons to be blanked out. Why Sophos released a fix before Microsoft is beyond me.
Installation:
The Sophos Shortcut Exploit Protection Tool arrives in an .MSI install package and is 2.4 megabytes in size. The .MSI installer means that the Protection Tool can be easily distributed quickly across an organization domain. The installation was a breeze simply click next twice and the install finishes. Two complaints are that there isn’t any pop-up or acknowledgement that the protection is active and there isn’t any protection for .PIF shortcuts. Sophos has also assured users that the Shortcut Exploit Protection Tool is compatible with free antivirus programs and won’t cause any conflicts
