LANDesk Security and Patch News
(January 23, 2009) In order to address security issues that can be mitigated or lessened by disabling the autorun functionality in Microsoft Windows, LANDesk has created ST000209. This new Security Threat will check a Windows computer to see if autorun is enabled. If detected remediation can disable the autorun functionality through ST000209.
LANDesk used the guidance provided by US-CERT to modify the registry for disabling autorun. See the text below for further details.
Microsoft Windows Does Not Disable AutoRun Properly
Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer.
Malicious software, such as W32.Downadup, is using AutoRun to spread. Disabling AutoRun , as specified in the CERT/CC Vulnerability Analysis blog, is an effective way of helping to prevent the spread of malicious code.
The Autorun and NoDriveTypeAutorun registry values are both ineffective for fully disabling AutoRun capabilities on Microsoft Windows systems. Setting the Autorun registry value to 0 will not prevent newly connected devices from automatically running code specified in the Autorun.inf file. It will, however, disable Media Change Notification (MCN) messages, which may prevent Windows from detecting when a CD or DVD is changed. According to Microsoft, setting the NoDriveTypeAutorun registry value to 0xFF "disables Autoplay on all types of drives." Even with this value set, Windows may execute arbitrary code when the user clicks the icon for the device in Windows Explorer.
· Vulnerability ID – N/A
New Patch Downloads
Where to Send Feedback
At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future. Please continue to provide feedback by contacting our local support organization.
LANDesk Product Support
Copyright © 2009 LANDesk Software. All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.
Information in this document is provided for information purposes only. The information presented here is subject to change without notice. This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.landesk.com/.