US-CERT warns Microsoft Windows autorun off advice is flawed

22 January 2009

The US Computer Emergency Readiness Team (US-CERT) has warned that Microsoft's advice on how to turn off the autorun option within Windows is not effective.

The autorun option is being used by a number of worm attacks to trigger a malware infection. As a result, Microsoft has issued an advisory to IT managers and other interested parties on how to turn off the autorun option.

The problem, say US-CERT officials, is that Microsoft's advice on changing the Autorun and NoDriveTypeAutorun registry values is ineffective: setting the Autorun registry value to 0, as the software giant is recommending, will not prevent newly connected devices from automatically running program code specified in the Autorun.inf file.

Perhaps worse, Infosecurity notes, the registry changes will disable Media Change Notification messages, which may prevent Windows from detecting when a CD or DVD is changed.

Microsoft says that setting the NoDriveTypeAutorun registry value to 0xFF "disables Autoplay on all types of drives."

US-CERT, however, reports that even with this value set, Windows can execute arbitrary program code when the user clicks the icon for the device in Internet Explorer.

This means that malware authors and hackers can place an Autorun.inf file on a device to automatically execute arbitrary code when the device is connected to a Windows system.

US-CERT also advises that code execution can take place when the user attempts to browse to the software location with Internet Explorer.

 
