Windows AutoPown
Why do we still use Windows?
Why is this capability even enabled by default?
Windows AutoPown. Sweet.
“Microsoft, doing it’s part to keep security professionals and hackers gainfully employed during this time of economic hardship.”
I guess we should be thankful.
National Cyber Alert System
Technical Cyber Security Alert TA09-020A
Microsoft Windows Does Not Disable AutoRun Properly
Original release date: January 20, 2009
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
Overview
Disabling AutoRun on Microsoft Windows systems can help prevent the
spread of malicious code. However, Microsoft's guidelines for
disabling AutoRun are not fully effective, which could be
considered a vulnerability.
I. Description
Microsoft Windows includes an AutoRun feature, which can
automatically run code when removable devices are connected to the
computer. AutoRun (and the closely related AutoPlay) can
unexpectedly cause arbitrary code execution in the following
situations:
* A removable device is connected to a computer. This includes, but
is not limited to, inserting a CD or DVD, connecting a USB or
Firewire device, or mapping a network drive. This connection can
result in code execution without any additional user interaction.
...