Microsoft introduced an automated tool of its own on July 21 that will block any attempts to exploit the vulnerability of .LNK shortcut files. However, the software giant's homegrown fix replaces the graphics-based icons on the PC 's Task and Start menu bars with generic white icons.

The free tool downloads from G Data and Sophos likewise block the automatic execution of malicious code but display the PC icons in their usual graphic form. "Microsoft's current workaround leaves systems almost unworkable with broken-looking icons," noted Graham Cluley, a senior technology consultant at Sophos.

Warning Users

Microsoft warned earlier this month that the shortcut vulnerability in Windows can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. Moreover, an exploit can be included in specific document types that support embedded shortcuts, the software giant's security team said.

The free third-party tools from Sophos and G Data, which run alongside existing antivirus software, will intercept any shortcut files that contain the exploit and even warn users about the executable code that attempted to run. For example, the G Data tool displays safe desktop symbols in their usual form but activates a red warning icon if a malicious mechanism is detected.

Fixing the problem is important because the vulnerability gives cybercriminals a wide range of possibilities for infecting a PC, noted Ralf Benzmueller, head of G Data SecurityLabs. "They only need to make sure that a .LNK file is displayed on the computer," Benzmueller explained. "The file which the link refers to does not necessarily need to be on the computer -- it can even be on the Internet."

Enterprise Exposure

The Stuxnet and Dulkis worms, as well as the Chymin Trojan horse, have been exploiting this vulnerability to help spread and infect computer systems, Cluley said. Stuxnet made headlines recently because it targeted the infrastructure for critical facilities such as power plants, he said.

"There's a warning for all computer users here," Cluley said. "Details of how to exploit the security hole are now published on the web, meaning it is child's play for other hackers to take advantage and create attacks."

Since this operating-system design flaw also applies to Windows Server 2003, Windows Server 2008, and Windows Server R2, IT administrators need to take steps to ensure that networks are not vulnerable to shortcut exploits.

"In a company's IT network, for example, it is enough to save a primed and infected file on the network drive," Benzmueller explained. "Even basic software -- like word-processing programs and e-mail clients -- provide the possibility to display shortcuts. We expect that this vulnerability will be massively exploited shortly."