Microsoft leaves no chance for AutoRun

17th March 2009

Microsoft announced an automated delivery of a new patch meant for users of some versions of Windows. The main task of the patch is to eliminate vulnerability in Windows AutoRun.
This component of the operating system starts automatically when loading a CD or connecting a USB-drive. The patch was released a month later than the group of US Computer Emergency Readiness Team (US-CERT) officially announced the availability of the vulnerability in Windows 2000, XP and Server 2003.
According to experts, disabling AutoRun in the operating system prevents your computer`s infection. However, the proposed measures are not always effective.
Previously, Microsoft representatives had reported that advanced users can manually disable the AutoRun mechanism by editing the system registry. Unfortunately, it turned out that in some versions of Windows, AutoRun works even after this action. Manu users suffered sufficiently from this bug, for many malicious programs (eg, the worm of Conficker) use the AutoRun mechanism to get into the system from portable USB-devices.
We`d like to remind you that Microsoft previously offered users to manually download the patch, resolving the vulnerability. Users of Windows Vista and Windows Server 2008 a few months ago received the patch through the Automatic Updates system, but it never solved the problem in Windows 2000, XP and Server 2003.