Published: 2009-01-22T02:35+00:00    Last Updated: 2009-03-01T01:57+00:00

Microsoft Windows Does Not Disable AutoRun Properly (TA09-020A)


Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability.

Event Information

Date (UTC)Description
2009-02-24 19:23 Microsoft
Microsoft Security Advisory (967940): Update for Windows Autorun
The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.
2009-01-21 04:42 US-CERT
TA09-020A: Microsoft Windows Does Not Disable AutoRun Properly
Via US-CERT Mailing List
2008-09-11 Microsoft
KB953252: How to correct "disable Autorun registry key" enforcement in Windows (Revision: 3.0)
This article describes how to obtain updates that correct these (AutoRun features) registry key settings.
2008-04-24 23:12 US-CERT
The Dangers of Windows AutoRun
Investigation report of the Microsoft AutoRun and AutoPlay features
A few months ago, reports of infected digital picture frames hit the media. I was curious about how the malicious code was being executed, so I began investigating the Microsoft AutoRun and AutoPlay features.

Other Information