
SANS ISC: AutoRun disabling patch released - SANS Internet Storm Center SANS ISC InfoSec Forums


AutoRun disabling patch released

Microsoft released a patch to correct the "disable autorun registry key" enforcement.
http://support.microsoft.com/kb/967715
Updates are offered for the following OSes:
* Microsoft Windows 2000
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows Server 2003 Service Pack 1
* Windows Server 2003 Service Pack 2

US-CERT released an announcement stating that "Microsoft Windows does not disable AutoRun properly" back on January 20th.
http://www.us-cert.gov/cas/techalerts/TA09-020A.html

"Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability."

The Conficker worm spreads via AutoRun, and we have run several diaries about AutoRun issues.
Conficker -> http://isc.sans.org/diary.html?storyid=5695
PictureFrame malware -> http://isc.sans.org/diary.html?storyid=3817
PictureFrame Malware2 -> http://isc.sans.org/diary.html?storyid=3807

donald

ISC Handler
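As an added example (not part of the original diary and not Microsoft tooling), the sketch below audits a host from saved `reg query` output for the `NoDriveTypeAutoRun` value and treats the setting as unenforced when KB967715 is missing. The function names, the constructed sample output, the `kb967715_installed` flag (taken from your own patch inventory) and the HKLM-over-HKCU precedence are assumptions.

```python
import re

# NoDriveTypeAutoRun lives under HKLM or HKCU
# \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer.
# A set bit disables AutoRun for that drive type; 0xFF disables all of them.
DRIVE_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network",
              0x20: "cdrom", 0x40: "ramdisk"}
VALUE_RE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+0x([0-9a-fA-F]+)")

# Constructed `reg query ... /v NoDriveTypeAutoRun` output, not real host data.
HKLM_SAMPLE = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\n"
    "    NoDriveTypeAutoRun\tREG_DWORD\t0x91\n"
)
HKCU_SAMPLE = (
    "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\n"
    "    NoDriveTypeAutoRun\tREG_DWORD\t0xff\n"
)

def parse_mask(reg_output):
    """Extract the DWORD from reg query output; None if the value is absent."""
    match = VALUE_RE.search(reg_output)
    return int(match.group(1), 16) if match else None

def enabled_types(mask):
    """Drive types whose disable bit is clear, i.e. AutoRun is still allowed."""
    return [name for bit, name in sorted(DRIVE_BITS.items()) if not mask & bit]

def audit(hklm_output, hkcu_output, kb967715_installed):
    """Classify one host from its two reg query dumps and its patch state."""
    hklm, hkcu = parse_mask(hklm_output), parse_mask(hkcu_output)
    # Assumption: a machine-wide value takes precedence over the per-user one.
    mask = hklm if hklm is not None else hkcu
    if mask is None:
        return {"status": "not-configured", "mask": None, "enabled": None}
    enabled = enabled_types(mask)
    if not kb967715_installed:
        status = "unenforced"  # key is set but the enforcement fix is missing
    elif enabled:
        status = "partial"     # some drive types can still AutoRun
    else:
        status = "disabled"
    return {"status": status, "mask": mask, "enabled": enabled}

if __name__ == "__main__":
    for patched in (False, True):
        print(patched, audit(HKLM_SAMPLE, HKCU_SAMPLE, patched))
        print(patched, audit("", HKCU_SAMPLE, patched))
```
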
That makes this my third attempt now to disable AutoRun as per Microsoft's own instructions.
Anonymous
