Microsoft has, at long last, put the brakes on the notoriously exploitable Autorun feature found in older versions of Windows. Arguably synonymous with "autoinfect," the Autorun feature is directly responsible for helping propagate worms by giving bad guys a way to easily spread malware via USB devices.
Autorun works by automatically executing code embedded in autorun.inf files on USB devices and other portable media. The change to Autorun, pushed out Tuesday among an array of security patches, disables Autorun via Windows Upate. Disabling the feature previously required manually tweaking the registry or applying a roundabout fix.
The update affects Windows Server 2008 and pre-Windows 7 versions of the desktop OS. Windows 7 comes with Autorun pre-disabled.
Importantly, the change does not affect the behavior of autoplay, which automatically executes the code on CDs and DVDs. Microsoft offer website guidance on its on how to disable that feature.
No comments:
Post a Comment