US-CERT: Microsoft's advice on Downadup is flawed
By secgeeks - Posted on January 24th, 2009
175
vote
from networkworld
In an alert issued Monday , US-CERT said Microsoft's instructions on turning off Autorun are "not fully effective" and "could be considered a vulnerability."
The flaw in Microsoft's guidelines are important at the moment, because the "Downadup" worm, which has compromised more computers than any other attack in years, can spread through USB devices, such as flash drives and cameras, by taking advantage of Windows' "Autorun" and "Autoplay" features.
Autorun, the focus of the US-CERT warning, lets Windows automatically run any program specified in the "autorun.inf" on, for example, a CD or a flash drive, as soon as the disc or device is inserted or connected. By default, Windows has Autorun enabled.
Continue reading here....
Bookmark/Search this post with:
Recent comments
30 weeks 1 day ago
32 weeks 5 days ago
1 year 1 week ago
1 year 1 week ago
1 year 1 week ago
1 year 18 weeks ago
1 year 33 weeks ago
2 years 24 weeks ago
2 years 25 weeks ago
2 years 27 weeks ago