Full information:
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
Solution:
To effectively disable AutoRun in Microsoft Windows, import the
following registry value:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
To import this value, perform the following steps:
1. Copy the text
2. Paste the text into Windows Notepad
3. Save the file as "autorun.reg"
Note: In certain circumstances, Notepad may automatically add
a .txt extension to saved files. To ensure that the file is saved with
the proper extension, select All Files in the "Save as type:" section
of the "Save As" dialog.
4. Navigate to the file location
5. Double-click the file to import it into the Windows registry
Microsoft Windows can also cache the AutoRun information from mounted
devices in the MountPoints2 registry key. We recommend restarting
Windows after making the registry change so that any cached mount
points are reinitialized in a way that ignores the Autorun.inf file.
Alternatively, the following registry key may be deleted:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
Once these changes have been made, all of the AutoRun code execution
scenarios described above will be mitigated because Windows will no
longer parse Autorun.inf files to determine which actions to take.
Further details are available in the CERT/CC Vulnerability Analysis
blog. Thanks to Nick Brown and Emin Atac for providing the workaround
and to Aryeh Goretsky for pointing out a possible issue with Notepad
appending a .txt file extension.
Update:
Microsoft has published Microsoft Knowledge Base Article 967715, which
describes how to correct the problem of NoDriveTypeAutoRun registry
value enforcement. After the update is installed, Windows will obey
the NoDriveTypeAutoRun registry value. Note that this fix has been
released via Microsoft Update to all affected systems. The previous
update, described in Microsoft Knowledge Base Article 953252, was only
available through Microsoft Update for Windows Vista and Windows
Server 2008, and for manual installation on other affected platforms.
Microsoft states that systems that have already applied the update from
Microsoft Knowledge Base Article 953252 do not need to apply the
update from Microsoft Knowledge Base Article 967715 because the
changes are the same. Additional details about the update can be found
in Microsoft Security Advisory (967940). Our testing has shown that
installing this update and setting the NoDriveTypeAutoRun registry
value to 0xFF will disable AutoRun as effectively as the workaround
described above.
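The following script applies the workaround described above (the IniFileMapping entry for Autorun.inf plus clearing the cached MountPoints2 data) together with the NoDriveTypeAutoRun value that Windows honours once the update from Knowledge Base Article 967715 or 953252 is installed, and then reads both settings back to confirm they took effect. It is an added example and is not part of the original advisory or of any Microsoft-supplied tool. It assumes the standard policy location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer for NoDriveTypeAutoRun, which the advisory does not spell out, and it must be run from an elevated (Administrator) PowerShell session because it writes under HKLM.

```powershell
# Added example, not from the original advisory. Applies the CERT IniFileMapping
# workaround and the NoDriveTypeAutoRun=0xFF policy value, then verifies both.
# Run from an elevated PowerShell session; a restart is still recommended so
# that Explorer reinitialises any cached mount points.

# 1. IniFileMapping workaround: redirect every Autorun.inf lookup to a registry
#    location that does not exist, so Windows never parses the file.
$iniMap = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
if (-not (Test-Path $iniMap)) {
    New-Item -Path $iniMap -Force | Out-Null
}
# '(default)' is the key's default value, written as @= in a .reg file.
Set-ItemProperty -Path $iniMap -Name '(default)' -Value '@SYS:DoesNotExist'

# 2. NoDriveTypeAutoRun = 0xFF: every drive-type bit set, so AutoRun is disabled
#    on all drive types. Only enforced correctly after KB 967715 / KB 953252.
#    The Policies\Explorer location is the standard one; it is an assumption
#    here because the advisory text does not name the key.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policy)) {
    New-Item -Path $policy -Force | Out-Null
}
Set-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord

# 3. Drop the current user's cached AutoRun data (same effect as deleting
#    MountPoints2 in regedit). Explorer rebuilds the key on next use.
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp2) {
    Remove-Item -Path $mp2 -Recurse -Force
}

# 4. Verify: both values must read back exactly as written.
$iniValue    = (Get-ItemProperty -Path $iniMap).'(default)'
$policyValue = (Get-ItemProperty -Path $policy).NoDriveTypeAutoRun

"IniFileMapping\Autorun.inf default : $iniValue"
"NoDriveTypeAutoRun                 : 0x{0:X2}" -f $policyValue

if ($iniValue -eq '@SYS:DoesNotExist' -and $policyValue -eq 0xFF) {
    'AutoRun disabled (restart recommended to flush cached mount points).'
} else {
    'AutoRun NOT fully disabled; check that the session is elevated and re-run.'
}
```

The IniFileMapping entry alone is sufficient on its own, as the advisory states; the NoDriveTypeAutoRun value is applied as well so that the system remains protected even if the IniFileMapping key is later removed, and so that Group Policy reporting tools that only look at NoDriveTypeAutoRun show the expected state.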