Microsoft continues to take aim at malware abusing the AutoRun feature in Windows – this time placing a fix into the Windows Update channel to prevent exploitation by attackers.
AutoRun is a feature that allows removable media such as USB devices and CDs to launch automatically whenever they are inserted; it is also one of the chief ways worms use to propagate.
Now, Microsoft is making the “non-security update” available via Windows Server Update Services, which is used by administrators to push updates out to users.
According to the Microsoft Malware Protection Centre, Windows XP users were nearly 10 times as likely to get infected by one of these worms in comparison to Windows 7.
“What we know, and talked about in volume 9 of our Security Intelligence Report last fall, is that a lot of malware uses Autorun as one of several propagation mechanisms,” blogged Adam Shostack, a program manager working in Trustworthy Computing for Microsoft. “Because of the very real positive uses of Autorun, we didn’t want to simply shut it off without a conversation. On the other hand, we believed action should be taken to shut down the misuse.”
The update still does not impact CDs or DVDs that contain AutoRun files. However, Shostack noted the company has not seen malware taking advantage of that, and malware on CDs or DVDs would likely have less of a widespread impact because people burn CDs less often than they insert USB drives.
Among the malware that abused the AutoRun feature were two of the most highly publicised pieces of malware in history, Conficker and Stuxnet.
“All in all, though, Microsoft has done a good thing here,” blogged Graham Cluley, senior technology consultant at Sophos. “Autorun was never a necessary technology in my point of view, and its exploitation by malware made it a dangerous liability. Locking it in a windowless room, handing it a service revolver and appealing to its sense of decency is probably the best move that we can make.”
Changing system behaviour is never a trivial thing, and Microsoft takes it seriously, Shostack wrote.
“It would be a bad outcome for people to think they have to make a trade-off between security and anything else,” he blogged. “Updates to protect against vulnerabilities are an important part of keeping a system secure. We had to be very confident that this change was the right balance for most people.”
AI-powered Reddit Answers allows users to access information based on Reddit posts, in move to…
Former co-developer of voice mode for OpenAI's ChatGPT launches WaveForms AI to make AI voice…
OpenAI releases Sora AI video-generation tool to ChatGPT Plus and Pro subscription users amidst concern…
Tesla to initially use human back-up controllers for company-owned robotaxi fleet at launch next year,…
Chinese government opens antitrust probe into Nvidia's $7bn acquisition of Mellanox, in move seen as…
Google Willow quantum chip makes significant improvements in error correction, moving quantum computing closer to…