Cert-windows Does Not Disable Auto Play Properly


The U.S. Computer Emergency Readiness Team (US-CERT) has issued a technical cyber-security alert to warn that Microsoft's guidelines for disabling AutoRun in the Windows operating system "are not fully effective" and argues that this "could be considered a vulnerability."


The U.S. CERT warning comes on the heels of live malware/worm attacks that take advantage of the Windows AutoRun and AutoPlay features to improve propagation.



Here's the skinny on Microsoft's hiccup:


  • The Autorun and NoDriveTypeAutorun registry values are both ineffective for fully disabling AutoRun capabilities on Microsoft Windows systems. Setting the Autorun registry value to 0 will not prevent newly connected devices from automatically running code specified in the Autorun.inf file. It will, however, disable Media Change Notification (MCN) messages, which may prevent Windows from detecting when a CD or DVD is changed. According to Microsoft, setting the NoDriveTypeAutorun registry value to 0xFF "disables Autoplay on all types of drives." Even with this value set, Windows may execute arbitrary code when the user clicks the icon for the device in Windows Explorer.

This means that malware authors can place an Autorun.inf file on a device to automatically execute arbitrary code when the device is connected to a Windows system. Code execution may also take place when the user attempts to browse to the software location with Windows Explorer, US-CERT warned.


The alert includes instructions for editing the registry to properly disable AutoRun in Microsoft Windows.
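
An audit sketch for the two registry values discussed above, added here as an example (it is not from the post or from the US-CERT alert). It parses `reg query` text output and reports what each setting does and does not cover; the sample output, the key paths shown in it, and the function names are constructed for illustration, and the per-bit drive-type meanings follow Microsoft's documented NoDriveTypeAutoRun bitmask.

```python
import re

# One bit per drive type in the NoDriveTypeAutorun DWORD; a set bit disables that type.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no root directory",
    0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "CD-ROM",
    0x40: "RAM disk", 0x80: "reserved/unknown",
}
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom
    AutoRun    REG_DWORD    0x0
"""

def parse_reg_query(text):
    """Return {lowercased value name: int} for every REG_DWORD line."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = int(m.group(2), 16)
    return values

def audit(values):
    """Return (drive types still allowed to AutoRun, list of findings)."""
    uncovered, findings = [], []
    mask = values.get("nodrivetypeautorun")
    if mask is None:
        findings.append("NoDriveTypeAutorun not set: the Windows default applies")
    else:
        uncovered = [n for bit, n in DRIVE_TYPE_BITS.items() if not mask & bit]
        if uncovered:
            findings.append("NoDriveTypeAutorun=0x%02X leaves AutoRun enabled for: %s"
                            % (mask, ", ".join(uncovered)))
        # Caveat from the alert: holds even when every bit (0xFF) is set.
        findings.append("NoDriveTypeAutorun alone is not sufficient: clicking the "
                        "device icon in Explorer may still run Autorun.inf code")
    if values.get("autorun") == 0:
        findings.append("Autorun=0 only disables Media Change Notification; "
                        "Autorun.inf on newly connected devices is still honoured")
    return uncovered, findings

if __name__ == "__main__":
    for finding in audit(parse_reg_query(SAMPLE))[1]:
        print("-", finding)
```
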