Microsoft's Instructions For Disabling Autorun Don't Work


Recommended Posts

Jan 22, 2009

Microsoft's instructions for disabling AutoRun don't work

US-CERT has published a Technical Cyber Security Alert warning of problems with disabling the Windows AutoRun/AutoPlay functions. It seems that the method described by Microsoft, of configuring the AutoRun and NoDriveTypeAutorun registry keys, doesn't completely disable the AutoRun and AutoPlay functions. When they are completely disabled, a program on a mobile storage device will not run as soon as the device is connected, nor will the AutoPlay dialogue pop up with suggestions for further steps.

Several sources report that the Conficker worm now going around is exploiting the incorrect configuration of the AutoRun and AutoPlay functions, by inducing users to run the worm when they plug in an infected USB stick. The worm brings up a fake icon in the AutoPlay display that may fool an unwary user into clicking it thinking they are opening a folder, but they are instead unleashing the worm.

Heise security: http://www.heise-online.co.uk/security/Mic...k--/news/112469

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...