G Data introduces hotfix for Windows shortcut vulnerability
G Data has followed Sophos by launching a free solution to protect users against the Windows operating system flaw.
Claiming that the workaround that was issued by Microsoft was ‘very impractical and not a satisfactory workaround to the problem', it has launched the ‘G Data LNK Checker'. The free download blocks the automatic execution of the referenced malicious file and displays regular icons as usual.
The company claimed that the G Data LNK Checker functions independently from an installed security suite and supplements it with generic protection against automatic execution of linked malware.
After the installation, the G Data LNK Checker monitors the creation of shortcut icons and prevents the automatic execution of code on the display of icons. Desktop symbols with popular and safe mechanisms are displayed as usual, but if the malicious mechanism is detected, a red warning signal icon is displayed.
It claimed that once Microsoft has patched the security flaw and the user has downloaded and installed the respective Windows update, the LNK Checker can be uninstalled.
Ralf Benzmueller, head of G Data Security Labs, said: “This recent security flaw gives cyber criminals a wide range of new possibilities to infect a PC. They only need to make sure that a .lnk file is displayed on the computer. The file, which the link refers to, does not necessarily need to be on the computer – it can even be on the internet.
“Not only users of memory sticks are affected. In a company's IT network, for example, it is enough to save a primed and infected file on the network drive. Even basic software, like word processing programs and email clients, provide the possibility to display shortcuts. The potential for abuse is enormous. We expect that this vulnerability will be massively exploited shortly.”