Microsoft Windows autorun.inf Vulnerability

Solution:
There are two registry settings that control which drives can be recognized by the Autorun feature, both located in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

NoDriveTypeAutoRun
This value specifies drive types that will be checked for Autorun.inf files.
Each bit of the first byte of the value corresponds to a drive type, and a value of 1 disables Autorun for that drive type. Starting with bit 0, the types are: Unknown, No_Root_Dir, Removable, Fixed, Remote, CDROM, Ramdisk. The last bit is reserved for future drive types. For example, a setting of 0xDF (11011111) will enable Autorun on CDROMs only.

NoDriveAutoRun
This value specifies which drives, by drive letter, will have Autorun enabled or disabled. The first bit is drive A:, second is B: and so on. Once again, 0 enables and 1 disables. For example, a setting of 0xFFFFFFF7 (11111111111111111111111111110111) will enable Autorun for drive D: only.



 

Privacy Statement
Copyright 2010, SecurityFocus