
AutoRun Worms Targeted By Latest Windows Updates

Microsoft continues to take aim at malware abusing the AutoRun feature in Windows – this time placing a fix into the Windows Update channel to prevent exploitation by attackers.

AutoRun is a feature that allows removable media such as USB devices and CDs to launch programs automatically whenever they are inserted; it is also one of the chief ways worms propagate.

Windows XP Users Most Vulnerable

In response to the problem, in Windows 7, Microsoft changed AutoPlay – the feature that allows users to decide what program starts when removable media is inserted – to end support for AutoRun for non-optical media such as USB drives. That capability was later made available for older versions of Windows through the Microsoft Download Centre.

Now, Microsoft is making the “non-security update” available via Windows Server Update Services, which is used by administrators to push updates out to users.

According to the Microsoft Malware Protection Centre, Windows XP users were nearly 10 times as likely to get infected by one of these worms in comparison to Windows 7.

“What we know, and talked about in volume 9 of our Security Intelligence Report last fall, is that a lot of malware uses Autorun as one of several propagation mechanisms,” blogged Adam Shostack, a program manager working in Trustworthy Computing for Microsoft. “Because of the very real positive uses of Autorun, we didn’t want to simply shut it off without a conversation. On the other hand, we believed action should be taken to shut down the misuse.”

The update still does not impact CDs or DVDs that contain AutoRun files. However, Shostack noted the company has not seen malware taking advantage of that, and malware on CDs or DVDs would likely have less of a widespread impact because people burn CDs less often than they insert USB drives.
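An administrator who wants to see which drive types AutoRun is explicitly blocked on (including the optical media the update leaves alone) can read Explorer's NoDriveTypeAutoRun policy value, whose bit n corresponds to Win32 drive-type code n. The script below is an added example, not from the article or from Microsoft; it assumes the registry path and value names shown, which are the author's own knowledge rather than anything stated on this page.

```powershell
# Added example (not from the article): report which drive types the
# NoDriveTypeAutoRun policy blocks AutoRun on, in machine and user scope.
# Registry path and value names are assumed from general Windows knowledge.
# Index = Win32 drive-type code; bit <index> of the mask blocks that type.
$driveTypes = @(
    'Unknown',                  # 0
    'No root directory',        # 1
    'Removable (USB, floppy)',  # 2 - the worm vector the update targets
    'Fixed',                    # 3
    'Network',                  # 4
    'CD-ROM / DVD',             # 5 - optical media, not covered by the update
    'RAM disk',                 # 6
    'Reserved'                  # 7
)

function Get-AutoRunPolicy {
    param([string]$Hive)   # 'HKLM' (machine policy) or 'HKCU' (user policy)
    $key = "${Hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Hive                = $Hive
        NoDriveTypeAutoRun  = $props.NoDriveTypeAutoRun
        HonorAutorunSetting = $props.HonorAutorunSetting  # 1 = policy value is honoured
    }
}

function Test-AutoRunBlocked {
    param([int]$Mask, [int]$DriveType)
    # Bit <DriveType> set means AutoRun is disabled for that drive type.
    return (($Mask -shr $DriveType) -band 1) -eq 1
}

foreach ($hive in 'HKLM', 'HKCU') {
    $p = Get-AutoRunPolicy -Hive $hive
    if ($null -eq $p.NoDriveTypeAutoRun) {
        Write-Output "$hive : NoDriveTypeAutoRun not set (Windows default applies)"
        continue
    }
    Write-Output ("{0}: NoDriveTypeAutoRun = 0x{1:X2}, HonorAutorunSetting = {2}" -f
        $hive, $p.NoDriveTypeAutoRun, $p.HonorAutorunSetting)
    for ($t = 0; $t -lt $driveTypes.Count; $t++) {
        $state = if (Test-AutoRunBlocked -Mask $p.NoDriveTypeAutoRun -DriveType $t) { 'blocked' } else { 'ALLOWED' }
        Write-Output ("  {0,-24} {1}" -f $driveTypes[$t], $state)
    }
}
```

A mask of 0xFF blocks AutoRun for every drive type; a line reading ALLOWED for removable drives means the explicit policy is not doing the blocking, and only the behaviour change from the update stands between an inserted USB drive and its Autorun.inf.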

Among the malware that abused the AutoRun feature were two of the most highly publicised pieces of malware in history, Conficker and Stuxnet.

“All in all, though, Microsoft has done a good thing here,” blogged Graham Cluley, senior technology consultant at Sophos. “Autorun was never a necessary technology in my point of view, and its exploitation by malware made it a dangerous liability. Locking it in a windowless room, handing it a service revolver and appealing to its sense of decency is probably the best move that we can make.”

Changing system behaviour is never a trivial thing, and Microsoft takes it seriously, Shostack wrote.

“It would be a bad outcome for people to think they have to make a trade-off between security and anything else,” he blogged. “Updates to protect against vulnerabilities are an important part of keeping a system secure. We had to be very confident that this change was the right balance for most people.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
