Wednesday, February 25, 2009 1:18 PM
cmosby
AutoRun disabling patch released – SANS Internet Storm Center
Microsoft released a patch to correct the "disable autorun registry key" enforcement.
http://support.microsoft.com/kb/967715
Updates are offered for the following OSes:
* Microsoft Windows 2000
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows Server 2003 Service Pack 1
* Windows Server 2003 Service Pack 2
US-CERT released an announcement stating that "Microsoft Windows does not disable AutoRun properly" back on January 20th.
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
"Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability."
The Conficker worm spreads via autorun, and we have run several diaries about autorun issues.
Conficker -> http://isc.sans.org/diary.html?storyid=5695
PictureFrame malware -> http://isc.sans.org/diary.html?storyid=3817
PictureFrame Malware2 -> http://isc.sans.org/diary.html?storyid=3807
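
To confirm what the "disable autorun" registry setting actually covers on a host once the update is installed, the following added example (not part of the original diary or of Microsoft's KB article) reads the policy value and lists the drive types for which AutoRun is still allowed. It assumes the `NoDriveTypeAutoRun` value under the `Policies\Explorer` key and the bit meanings from Microsoft's documentation of that value, neither of which is spelled out on this page.

```powershell
# Added example, not from the original diary. Needs PowerShell 3.0 or later.
# Assumption: value name and bit meanings follow Microsoft's NoDriveTypeAutoRun docs.
$SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# A set bit DISABLES AutoRun for that drive type; 0xFF disables it everywhere.
$DriveTypeBits = [ordered]@{
    'Unknown type (0x01)' = 0x01
    'Removable (0x04)'    = 0x04
    'Fixed (0x08)'        = 0x08
    'Network (0x10)'      = 0x10
    'CD-ROM (0x20)'       = 0x20
    'RAM disk (0x40)'     = 0x40
    'Unknown type (0x80)' = 0x80
}

function Get-AutoRunPolicy {
    param([Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $item = Get-ItemProperty -Path "${Hive}:\$SubKey" -Name NoDriveTypeAutoRun `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }          # key or value not present
    $raw = $item.NoDriveTypeAutoRun
    # The value may be stored as binary instead of a DWORD; the low byte holds the flags.
    if ($raw -is [byte[]]) { $raw = $raw[0] }
    return [int]([long]$raw -band 0xFF)
}

$hklm = Get-AutoRunPolicy -Hive HKLM
$hkcu = Get-AutoRunPolicy -Hive HKCU
# When the value exists in HKLM, the per-user (HKCU) value is ignored.
$effective = if ($null -ne $hklm) { $hklm } else { $hkcu }

if ($null -eq $effective) {
    Write-Output 'NoDriveTypeAutoRun is not set in HKLM or HKCU; the OS default applies.'
} else {
    $allowed = @($DriveTypeBits.GetEnumerator() |
        Where-Object { ($effective -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key })
    Write-Output ('Effective NoDriveTypeAutoRun = 0x{0:X2}' -f $effective)
    if ($allowed.Count -eq 0) {
        Write-Output 'AutoRun is disabled for every listed drive type.'
    } else {
        Write-Output "AutoRun is still allowed for: $($allowed -join ', ')"
    }
}
```

The value only tells you what is configured; on the operating systems listed above it is enforced as documented only after the KB967715 update is installed.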