AOH :: IS1625.HTM

Microsoft's advice on Downadup leaves users open to attack, says US-CERT




Microsoft's advice on Downadup leaves users open to attack, says US-CERT
Microsoft's advice on Downadup leaves users open to attack, says US-CERT



http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126478 

By Gregg Keizer
January 21, 2009 
Computerworld

Microsoft Corp.'s advice on disabling Windows' "Autorun" feature is 
flawed, the U.S. Computer Emergency Readiness Team (US-CERT) said today, 
and it leaves users who rely on its guidelines to protect their PCs 
against the fast-spreading Downadup worm open to attack.

In an alert issued on Monday, US-CERT said Microsoft's instructions on 
turning off Autorun are "not fully effective" and "could be considered a 
vulnerability."

The flaw in Microsoft's guidelines are important at the moment, because 
the "Downadup" worm, which has compromised more computers than any other 
attack in years, can spread through USB devices, such as flash drives 
and cameras, by taking advantage of Windows' Autorun and Autoplay 
features.

Autorun, the focus of the US-CERT warning, lets Windows automatically 
run any program specified in the "autorun.inf" on, for example, a CD or 
a flash drive, as soon as the disc or device is inserted or connected. 
By default, Windows has Autorun enabled.

[...]


_______________________________________________      
Best Selling Security Books & More!
http://www.shopinfosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods