The windows autorun feature has been a cake for the malware and botnet creators, based on which they designed many attacks. Being a main aid to trojans and viruse like Conficker, Taterf, Rimecud, Autorun, etc, the autorun was more seen to be as a vulnerability than a feature.
PCs using Windows XP were the most exploited ones due to the autorun feature. According to Microsoft, Windows XP users were 10 times more likely to get exploited due to the Autorun feature compared to others. Learning from past, Windows 7 was launched with a different configuration of Autorun through which Microsoft was successful in reducing the autorun-abusing malware attacks.
Now, Microsoft wants to resolve the autorun issue in Windows XP too. In a technet blog, Adam Shostack, a program manager of TWC Security has announced to release an “Important, non-security update” that would install the security protocols used in Windows 7 in to Windows XP.
As per the new protocol:
- The autorun feature is confined to work only for CD/DVDs and will no longer support non-optical removal media like USB drives.
- The dialog box of Autoplay clarifies that the program being executed is running from external media.
For updating it manually in Windows XP, Windows Server 2003, Windows Vista or Windows Server 2008, visit http://support.microsoft.com/kb/971029.