Friday, March 21, 2008 9:02 AM
cmosby
Windows Vista "NoDriveTypeAutoRun" Security Issue - Advisories - Secunia
Windows Vista "NoDriveTypeAutoRun" Security Issue
Secunia Advisory:
SA29458
Release Date:
2008-03-21
Critical:
Not critical
Impact:
Security Bypass
Where:
Local system
Solution Status:
Unpatched
OS:
Microsoft Windows Vista
CVE reference:
CVE-2008-0951 (Secunia mirror)
Description:
CERT/CC has reported a security issue in Windows Vista, which can be exploited by malicious people to bypass certain security settings.
AutoPlay is a feature designed to immediately begin reading from a drive (e.g. run a setup file) when a media is inserted. According to Microsoft, this feature can be disabled for all drives by setting the value of the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun" registry key to "0xFF". However, as Windows Vista fails to properly handle the mentioned registry key, this may still result in programs being executed automatically when a media is inserted even with the registry key value set to "0xFF".
Successful exploitation may result in execution of arbitrary code, but requires physical access to a vulnerable system or that a user is tricked into inserting a malicious media (e.g. USB device).
Solution:
Restrict access to affected systems.
Do not insert any untrusted media even with the registry key value set to disable AutoPlay for all drives.
Provided and/or discovered by:
Will Dormann and Jeff Gennari, CERT/CC.
Original Advisory:
US-CERT VU#889747:
http://www.kb.cert.org/vuls/id/889747
Source: Windows Vista "NoDriveTypeAutoRun" Security Issue - Advisories - Secunia
Filed under: Patch Management, Microsoft Windows, Security, Software Vulnerabilites