(January 21, 2009)
The US Computer Emergency Readiness Team (US-CERT) has issued
a warning about advice from Microsoft about protecting PCs from
the Downadup worm. The method for disabling AutoRun/AutoPlay in
Microsoft's Windows operating systems does not completely disable
those functions, leaving PCs vulnerable to attack. US-CERT recommends
modifications to the Windows registry that will be effective in
disabling the AutoRun capabilities.
Internet Storm Center:
http://isc2.sans.org/diary.html?storyid=5695
http://www.computerworld.com/action/article.do?command=viewArticleBasic&a
rticleId=9126478&intsrc=hm_list
http://www.heise-online.co.uk/security/Microsoft-s-instructions-for-disabling-AutoRun-don-t-work--/news/112469
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
[Editor's Note (Skoudis): This is really a bummer, but it does illustrate
that we're going to be busy in the information security business for a
long time. Even our defensive mechanisms have flaws that are regularly
discovered. Make sure you implement this fix, and do so quickly.]