Microsoft has finally fixed their methodology for disabling Autorun on Windows operating systems

Technet article 91525 describes a registry key that can be set to disable the Autorun feature in Windows operating systems. 

The registry key is NoDriveTypeAutoRun, which can be found at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

This key disables the Autoplay feature on all drives of the type specified.  Autoplay begins reading from a drive as soon as media is inserted in the drive. As a result, the setup file of programs and the sound on audio media starts immediately.

Unfortunately, this key did not produce the desired result of disabling the Double Click and Contextual Menu features.  Microsoft just released KB 953252, which describes how to obtain updates that correct these broken registry key settings in the following Windows Operating Systems:

Windows 2000
Windows XP Service Pack 2
Windows Server 2003 Service Pack 1 and 2
Windows Vista

Note: Windows Server 2008 is not affected.

The main purpose of Autorun is to provide a software response to hardware actions that you start on a computer. Autorun has the following features:

• Double Click
• Contextual Menu
• AutoPlay

These features are typically called from removable media or from network shares. During AutoPlay, the Autorun.inf file from the media is parsed. This file specifies which commands the system runs. Many companies use this functionality to start their installers.

Please see KB 952252 for security updates to each applicable operating system to disable autorun capabilities.  This KB also describes Group Policy settings to disable all Autorun features, plus instructions on selectively disabling specific Autorun features.

If you’re still not sure why you’d want to disable Autorun, check out Scott’s article on Autorun attacks.

2 Responses to “Microsoft has finally fixed their methodology for disabling Autorun on Windows operating systems”

  1. curriegrad2004 Says:

    For people who have their computers in a domain, this can be easily done via group policy. It’s under System in the Computer Configuration policy section.

  2. Bruce Judd Says:

    This worked just as you described – thank you for publishing your findings – I have found several to be very helpful.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: