Security Issue: Windows Vista "NoDriveTypeAutoRun"

CERT/CC has reported a security issue in Windows Vista, which can be exploited by malicious people to bypass certain security settings. AutoPlay is a feature designed to immediately begin reading from a drive (e.g. run a setup file) when a media is inserted. According to Microsoft, this feature can be disabled for all drives by […]

CERT/CC has reported a security issue in Windows Vista, which can be exploited by malicious people to bypass certain security settings.

AutoPlay is a feature designed to immediately begin reading from a drive (e.g. run a setup file) when a media is inserted. According to Microsoft, this feature can be disabled for all drives by setting the value of the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun" registry key to "0xFF". However, as Windows Vista fails to properly handle the mentioned registry key, this may still result in programs being executed automatically when a media is inserted even with the registry key value set to "0xFF".

Successful exploitation may result in execution of arbitrary code, but requires physical access to a vulnerable system or that a user is tricked into inserting a malicious media (e.g. USB device).

Solution:
Restrict access to affected systems.

Do not insert any untrusted media even with the registry key value set to disable AutoPlay for all drives.

Provided and/or discovered by:
Will Dormann and Jeff Gennari, CERT/CC.

Original Advisory:
US-CERT VU#889747:
http://www.kb.cert.org/vuls/id/889747

Source:→ Secunia

Windows Vista, Security, Vulnerability, Malicious Code