CERT/CC has reported a security issue in Windows Vista, which can be exploited by malicious people to bypass certain security settings.
AutoPlay is a feature designed to immediately begin reading from a drive (e.g. run a setup file) when a media is inserted. According to Microsoft, this feature can be disabled for all drives by setting the value of the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun" registry key to "0xFF". However, as Windows Vista fails to properly handle the mentioned registry key, this may still result in programs being executed automatically when a media is inserted even with the registry key value set to "0xFF".
Successful exploitation may result in execution of arbitrary code, but requires physical access to a vulnerable system or that a user is tricked into inserting a malicious media (e.g. USB device).
Restrict access to affected systems.
Do not insert any untrusted media even with the registry key value set to disable AutoPlay for all drives.
Provided and/or discovered by:
Will Dormann and Jeff Gennari, CERT/CC.
Windows Vista, Security, Vulnerability, Malicious Code