Autorun

Microsoft Security Response Center
8 Feb 2011

In April 2009 we delivered a very public message to the Windows ecosystem that we were changing the behavior of Autorun in ways that improved security. We blogged on the progress of that transition, posting “AutoRun changes in Windows 7” in April 2009. In November 2009, we posted “AutoPlay Windows 7 behavior backported” and we put out an update to do the same for older operating systems. We made that update available from the Download Center. That allowed anyone who wanted the update to seek it out and download it for themselves. Our partners expressed their concerns about that change, but by and large understood the reasons for it. Over the last few years, companies that needed the functionality incorporated U3 functionality into their devices. Others documented the change. Overall, the transition hasn’t been simple, but it has worked.

Today we are taking another important step to protect our customers. We’re putting the existing update into the Windows Update channel. This change has three important effects:

* We deliver the existing update to many more machines;
* We make it easier to deploy via WSUS;
* We help those organizations that, as a matter of their policy, only widely deploy updates that are in WU.

http://blogs.technet.com/b/msrc/archive/2011/02/08/deeper-insight-into-the-security-advisory-967940-update.aspx
http://www.h-online.com/security/news/item/This-is-the-partial-end-of-Windows-AutoRun-1187321.html


AutoRun changes in Windows 7

by certifiedbug on May 1, 2009


Good news in the fight against malware infections.

In order to help prevent malware from spreading (such as Conficker) using the AutoRun mechanism, the Windows 7 engineering team made two important changes to the product:

1. AutoPlay will no longer support the AutoRun functionality for non-optical removable media. In other words, AutoPlay will still work for CD/DVDs but it will no longer work for USB drives. For example, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed. This will block the increasing social engineering threat highlighted in the SIR. The dialogs below highlight the difference that users will see after this change. Before the change, the malware is leveraging AutoRun (box in red) to confuse the user. After the change, AutoRun will no longer work, so the AutoPlay options are safe.

Security Research & Defense

This change will be present in the Release Candidate build of Windows 7. In addition, we are planning to release an update in the future for Windows Vista and Windows XP that will implement this new behavior.

The Microsoft Security Response Center (MSRC)
Changes in Windows to Meet Changes in Threat Landscape
