SOFTWARE FACTORY Microsoft has finally issued a patch through its Windows Update service to disable Autorun.
For years Microsoft has been pushing for users to disable Autorun, a feature of Windows that automatically executes an application when removable media is detected by the operating system. The company found that Autorun was being used by malware authors as a way to propagate their malicious software, which led it to make wholesale changes to Autorun in Windows 7.
The changes to Autorun in Windows 7 were followed up by Microsoft issuing instructions on how to mimic the same protection for previous versions of Windows. However the firm has now included a patch through Windows Update classed as an "important, non-security update", to try to increase deployment.
Much of Adam Shostack's post on the subject explained why the patch wasn't labelled as a security update. Shostack, a program manager at Microsoft, went to great pains to differentiate the two patch classifications, saying, "at Microsoft we reserve the term 'Security Update' to mean 'a broadly released fix for a product-specific security-related vulnerability'." He continued, saying that Autorun affects "shiny media" such as CDs and DVDs but claimed that Microsoft's research had yet to see malware authors exploit Autorun in such media.
Microsoft has been forced to slow play the deployment of its Autorun patch due to the many legitimate applications that rely on the function. Shostack singled out companies that rely on the wholly irritating use of U3 software as one of the reasons Microsoft had to take this softly-softly approach to deprecating Autorun.
Be that as it may, Microsoft has finally taken the leap and issued an Autorun patch through its Windows Update service in the hope that those who rely on it to keep some semblance of security under Windows will install it. µ
Linux hits the DeX
The Net' is closing in
Firm was quick to CClean up after the attack
Sorry (not Siri)