Aaron Parker » Security http://blog.stealthpuppy.com on application delivery with application virtualization, server-based computing, desktop virtualization and more Thu, 05 Jan 2012 16:09:55 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Microsoft issues update to fix disabling Autorun http://blog.stealthpuppy.com/security/microsoft-issues-update-to-fix-disabling-autorun/ http://blog.stealthpuppy.com/security/microsoft-issues-update-to-fix-disabling-autorun/#comments Wed, 25 Feb 2009 08:30:36 +0000 Aaron Parker http://blog.stealthpuppy.com/?p=936 Continue reading

Creative Commons LicenseMicrosoft issues update to fix disabling Autorun is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

]]> Autorun icon (kinda)Microsoft has issued an security advisory for a non-security update (I know, sounds odd, but bear with me) - Microsoft Security Advisory (967940), Update for Windows Autorun. Specifically this update fixes an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.

IT World has covered the update and US-CERT actually issued a security alert about the issue last month – Microsoft Windows Does Not Disable AutoRun Properly. The US-CERT article has guidance on disabling AUTORUN.INF completely via the IniFileMapping feature – something that Nick Brown covered back in 2007.

There are actually two knowlegebase articles that cover the issue and the update: How to correct “disable Autorun registry key” enforcement in Windows (967715) and How to correct “disable Autorun registry key” enforcement in Windows (953252). You’ll only need to read the first.

On Windows XP/2003 the update does two things – updates SHELL32.DLL and creates the registry value: HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer HonorAutorunSetting. You can download the updates here:

For Windows Vista and Windows Server 2008, this issue was addressed in Microsoft Security Bulletin MS08-038, released July last year. You’ve deployed that update right?

So the question is then, does Autorun have a place in corporate environments? I think the answer is no – a little tradeoff in usability for a big gain in security. Here’s a few interesting articles by Steve Riley and Jesper Johasson on the subject:

If we only learn two things from Conficker, they should be patch early and disable Autorun. If you’re not on top of this, you could potentially leave yourself open for a world of hurt.

Creative Commons LicenseMicrosoft issues update to fix disabling Autorun is post from stealthpuppy.com. Except as noted otherwise, this work is © 2005-2012 Aaron Parker and is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.

]]> http://blog.stealthpuppy.com/security/microsoft-issues-update-to-fix-disabling-autorun/feed/ 0