Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: AutoRun disabling patch released - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
AutoRun disabling patch released

Microsoft released a patch to correct the "disable autorun registry key" enforcement.
Updates are offered for the following OSes:
* Microsoft Windows 2000
* Windows XP Service Pack 2
* Windows XP Service Pack 3
* Windows Server 2003 Service Pack 1
* Windows Server 2003 Service Pack 2

The US Cert released an announcement stating that "Microsoft Windows does not disable AutoRun properly" back on January 20th.

"Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability."

The Conficker worm spreads via autorun and we have run several diaries about autorun issues.
Conficker ->
PictureFrame malware ->
PictureFrame Malware2 ->


206 Posts
Feb 25th 2009
That makes this my third attempt now to disable AutoRun as per Microsoft own instructions.

Sign Up for Free or Log In to start participating in the conversation!