Microsoft has released an optional software update yesterday which restricts the AutoRun functionality on older Windows operating systems, therefore blocking a common malware propagation vector.AutoRun is the feature responsible for automatically parsing autorun.inf files found on removable media devices, such as USB memory sticks, external HDDs, portable audio players, mobile phones, optical discs and so on.
For years security experts have camaigned against it, because it poses more security risks than usability benefits and is constantly abused by malware.
Microsoft recognized the dangers and limited the functionality by default in Windows 7 and Windows Server 2008 R2.
However, for older versions of Windows, such as XP, Vista, Server 2003 and Server 2008, the company only provided a fix that needed to be manually downloaded and installed.
That changed yesterday, when
KB971029 was released as optional through Windows Update.
"
We feel like now is the right time across the industry to be able to push this change out and have a pretty substantial impact on how malware spreads. This is really something that will help to further protect the ecosystem," Jerry Bryant, manager of response communications at Microsoft, told
The Register.The most prominent threat taking advantage of AutoRun to spread is the Conficker worm which took the world by storm in early 2009 and infected millions of computers.
Despite being abandoned by its creators, the huge botnet created by Conficker still exists today and infections with the worm still appear around the top in monthly statistics released by antivirus vendors.
BitDefender's report for January puts Conficker in the third position by number of detections. The first place is even more relevant as it's a generic detection for AutoRun worms, which shows that malware abusing this functionality is still very much active.
Find us on Google+
