Secunia Security Advisory - CERT/CC has reported a security issue in Windows Vista, which can be exploited by malicious people to bypass certain security settings.
897e8b43199cc7b54d88fc6f1bc703a07e2f367b9e6587d09d038a54b7217341
----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
Download and test it today:
https://psi.secunia.com/
Read more about this new version:
https://psi.secunia.com/?page=changelog
----------------------------------------------------------------------
TITLE:
Windows Vista "NoDriveTypeAutoRun" Security Issue
SECUNIA ADVISORY ID:
SA29458
VERIFY ADVISORY:
http://secunia.com/advisories/29458/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
Local system
OPERATING SYSTEM:
Microsoft Windows Vista
http://secunia.com/product/13223/
DESCRIPTION:
CERT/CC has reported a security issue in Windows Vista, which can be
exploited by malicious people to bypass certain security settings.
AutoPlay is a feature designed to immediately begin reading from a
drive (e.g. run a setup file) when a media is inserted. According to
Microsoft, this feature can be disabled for all drives by setting the
value of the
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun"
registry key to "0xFF". However, as Windows Vista fails to properly
handle the mentioned registry key, this may still result in programs
being executed automatically when a media is inserted even with the
registry key value set to "0xFF".
Successful exploitation may result in execution of arbitrary code,
but requires physical access to a vulnerable system or that a user is
tricked into inserting a malicious media (e.g. USB device).
SOLUTION:
Restrict access to affected systems.
Do not insert any untrusted media even with the registry key value
set to disable AutoPlay for all drives.
PROVIDED AND/OR DISCOVERED BY:
Will Dormann and Jeff Gennari, CERT/CC.
ORIGINAL ADVISORY:
US-CERT VU#889747:
http://www.kb.cert.org/vuls/id/889747
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------