CERT/CC has reported a security issue in Windows Vista, which can be exploited by malicious people to bypass certain security settings.AutoPlay is a feature designed to immediately begin reading from a drive (e.g. run a setup file) when a media is inserted.
| Secunia Advisory: | SA29458 | |
| Release Date: | 2008-03-21 | |
| Critical: |  Not critical |
|
| Impact: | Security Bypass | |
| Where: | Local system | |
| Solution Status: | Unpatched | |
| OS: | Microsoft Windows Vista | |
| CVE reference: | CVE-2008-0951 (Secunia mirror) | |
| This advisory is currently marked as unpatched! - Companies can be alerted when a patch is released! |
||
According to Microsoft, this feature can be disabled for all drives by setting the value of the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun" registry key to "0xFF". However, as Windows Vista fails to properly handle the mentioned registry key, this may still result in programs being executed automatically when a media is inserted even with the registry key value set to "0xFF".
Successful exploitation may result in execution of arbitrary code, but requires physical access to a vulnerable system or that a user is tricked into inserting a malicious media (e.g.USB device)
Solution:
Restrict access to affected systems.
Do not insert any untrusted media even with the registry key value set to disable AutoPlay for all drives.
Provided and/or discovered by:
Will Dormann and Jeff Gennari, CERT/CC.
Original Advisory:
US-CERT VU#889747:
http://www.kb.cert.org/vuls/id/889747
www.vista123.net, tweak and customize Windows Vista easily.
