Microsoft shuts down malware-friendly Autorun

Microsoft has finally disabled the feature in older Windows versions that helped spread worms like Conficker

Microsoft has, at long last, put the brakes on the notoriously exploitable Autorun feature found in older versions of Windows. Arguably synonymous with “autoinfect,” the Autorun feature is directly responsible for helping propagate worms by giving bad guys a way to easily spread malware via USB devices.

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

Autorun works by automatically executing code embedded in autorun.inf files on USB devices and other portable media. The change to Autorun, pushed out Tuesday among an array of security patches, disables Autorun via Windows Upate. Disabling the feature previously required manually tweaking the registry or applying a roundabout fix.

The update affects Windows Server 2008 and pre-Windows 7 versions of the desktop OS. Windows 7 comes with Autorun pre-disabled.

Importantly, the change does not affect the behavior of autoplay, which automatically executes the code on CDs and DVDs. Microsoft offer website guidance on its on how to disable that feature.