In the fist February 2011, Patch Tuesday released last night, Microsoft distributed a security fix that disables Autorun with USB drives and other forms of removable storage on Windows Vista, XP and 2000, and Server 2008 and 2003. Windows 7 by default has Autorun disabled for removable storage, so this is just bringing the older OSs into line.
Until now, those versions dutifully executed code embedded in autorun.inf files without first prompting the user. The default behavior provided a convenient way to propagate malware such as Conficker, which hijacked the feature to spread itself each time an infected drive was inserted.
Incidentally, because Microsoft says it hasn't seen an in-the-wild malware attack that uses CDs or DVDs, AutoPlay will still work with "shiny media."
Weighing the minimal amount of convenience from Autorun against its potential for bad things to happen, we still think it's a bad idea, even for CDs and DVDs. Those who agree can turn it off entirely by following the instructions KB967715.
[Source]
Recommend this story
Email Newsletter
Missing out on the latest diTii.com news? Enter your email below to receive future announcements direct to your inbox. An email confirmation will be sent before your subscription is activated - please check your spam folder if you don't receive this.
About the AuthorDG