One of the updates of yesterday's patch day slipped through my grasp, mainly because I'm running Windows 7 and the update was not for that operating system. Ghacks reader Ilev let me know about it in the comments of my patch day overview guide Microsoft Security Bulletin Overview February 2011.
Autorun has been a problematic feature for some time in a security context as it provides the means to automatically run files on removable drives, network shares, optical discs and other media if an autorun.inf file is present.
The update for Windows Autorun has been available for some time. To be precise, it was first released on February 24 by Microsoft and originally made available on the company's Download Center. Administrators had to manually download the update and install it on devices to benefit from better protection against autorun attacks.
Yesterday changed the manual nature of the update as Microsoft pushed it on Windows Update; any device with Windows Update set to automatic receives this autorun update automatically.
The update applies to all pre-Windows 7 Microsoft operating systems including Windows XP, Windows Vista and the server operating systems Windows Server 2003 and 2008. Windows 7 is not affected as it already has the restriction in place.
The update restricts AutoPlay functionality to "CD and DVD media". This protects customers "from attack vectors that involve the execution of arbitrary code by Autorun when inserting a USB flash drive, network shares, or other non-CD and non-DVD media containing a file system with an Autorun.inf file".
It basically blocks AutoPlay on all devices and media except CD and DVD media, even if they contain an autorun.inf file. The only information that is accepted from autorun files is the label and the icon; any other keys, e.g. action, which links to a file, are ignored.
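The rule described above can be modeled as a small audit script for autorun.inf files found on removable media. This is an added example, not Microsoft's code or part of the original article; the function names and the sample file are constructed, and it assumes that on CD and DVD media all keys stay in effect.

```python
# Added example: models the post-update rule described in the article.
# The only keys the article says are still accepted on non-CD/DVD media:
HONORED_KEYS = {"label", "icon"}

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            # Section names are matched case-insensitively.
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def classify(text, media_is_cd_or_dvd):
    """Split the keys into (honored, ignored) under the updated behaviour."""
    entries = parse_autorun(text)
    if media_is_cd_or_dvd:
        # Assumption: optical media keep the pre-update behaviour.
        return entries, {}
    honored = {k: v for k, v in entries.items() if k in HONORED_KEYS}
    ignored = {k: v for k, v in entries.items() if k not in HONORED_KEYS}
    return honored, ignored

# Constructed sample file, as it might appear on a USB flash drive.
SAMPLE = """\
; constructed sample
[AutoRun]
Label=Backup Drive
Icon=drive.ico
Action=Open folder to view files
Open=setup.exe
shell\\open\\command=setup.exe
"""

if __name__ == "__main__":
    honored, ignored = classify(SAMPLE, media_is_cd_or_dvd=False)
    print("honored:", sorted(honored))
    print("ignored:", sorted(ignored))
```

Any key that lands in the ignored set points at something the drive's author wanted to run or display in the AutoPlay dialog, which makes it a useful triage signal when reviewing removable media.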
Customers may experience several issues after applying the update, including:
The update is only offered if it has not already been installed on the system. Additional information about the update is available at Microsoft's Security Advisory and the blog post Deeper insight into the Security Advisory 967940 update by Adam Shostack.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.