LANDesk Patch News Bulletin: LANDesk Security Threat ST000209 for Disabling Autorun on Microsoft Windows is Available 23-JAN-2009

Version 2

    LANDesk Security and Patch News   

    Headlines

      (January 23, 2009) To address security issues that can be mitigated or lessened by disabling the autorun functionality in Microsoft Windows, LANDesk has created ST000209. This new Security Threat checks a Windows computer to see if autorun is enabled. If it is, remediation through ST000209 can disable the autorun functionality.

      LANDesk used the guidance provided by US-CERT to modify the registry for disabling autorun. See the text below for further details.   

              

    Description    

    Microsoft Windows Does Not Disable AutoRun Properly

      

    Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer.

    Malicious software, such as W32.Downadup, is using AutoRun to spread. Disabling AutoRun, as specified in the CERT/CC Vulnerability Analysis blog, is an effective way of helping to prevent the spread of malicious code.

         

    The Autorun and NoDriveTypeAutorun registry values are both ineffective for fully disabling AutoRun capabilities on Microsoft Windows systems. Setting the Autorun registry value to 0 will not prevent newly connected devices from automatically running code specified in the Autorun.inf file. It will, however, disable Media Change Notification (MCN) messages, which may prevent Windows from detecting when a CD or DVD is changed. According to Microsoft, setting the NoDriveTypeAutorun registry value to 0xFF "disables Autoplay on all types of drives." Even with this value set, Windows may execute arbitrary code when the user clicks the icon for the device in Windows Explorer.

      

      http://www.us-cert.gov/cas/techalerts/TA09-020A.html
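
The following audit sketch is an added example, not LANDesk's or US-CERT's code, and the page does not say what ST000209 itself checks. It parses a `.reg` export and separates the two ineffective values described above from the Autorun.inf `IniFileMapping` override given in US-CERT TA09-020A. The registry paths, function names and sample exports are assumptions constructed for illustration.

```python
# Registry paths are assumptions: the bulletin names the values, not their keys.
CDROM = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom"
POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
INIMAP = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: value}}, names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, _, raw = line.partition("=")
            name = "" if name == "@" else name.strip('"').lower()
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw.startswith('"'):
                current[name] = raw.strip('"')
    return keys

def audit_autorun(reg_text):
    """Return (autorun_inf_blocked, findings) for one host's export."""
    keys = parse_reg(reg_text)
    get = lambda key, name: keys.get(key.lower(), {}).get(name)
    # "" is the key's default value; the override maps Autorun.inf to nothing.
    blocked = str(get(INIMAP, "")).lower() == "@sys:doesnotexist"
    findings = []
    if not blocked:
        findings.append("Autorun.inf not overridden: AutoRun not fully disabled")
        if get(POLICY, "nodrivetypeautorun") == 0xFF:
            findings.append("NoDriveTypeAutorun=0xFF alone: icon click may run code")
    if get(CDROM, "autorun") == 0:
        findings.append("Autorun=0 disables MCN only: disc changes may be missed")
    return blocked, findings

# Constructed sample exports (not taken from real hosts).
WEAK = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"Autorun"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
'''
HARDENED = WEAK.replace('"Autorun"=dword:00000000', '"Autorun"=dword:00000001') + r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
'''
```

Only the HKLM policy key is inspected here; a per-user NoDriveTypeAutorun value would need the same check against the user hive.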

      

    New Vulnerabilities   

    · ST000209

    Changed Vulnerabilities

    · Vulnerability ID – N/A

    New Patch Downloads   

    · N/A

    Where to Send Feedback   

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.

    Best regards,

    LANDesk Product Support

    Copyright © 2009 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.

    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.landesk.com/.